[...]... Required 408 Request Timeout 409 Conflict 410 Gone 411 Length Required 412 Precondition Failed 413 Request Entity Too Large 414 Request-URI Too Long 415 Unsupported Media Type 416 Requested Range Not Able to be Satisfied 417 Expectation Failed 449 8 Description Retry With—A Microsoft extension: the request should be retried after doing the appropriate action | Chapter 1: The Evolving Web Download at Boykma.Com... action is required Table 1- 2 shows the request received, and continuing process Table 1- 2 1xx Informational Codes Status code Description 10 0 Continue 10 1 Switching Protocols 2xx success codes The action was successfully received, understood, and accepted Table 1- 3 shows the codes that indicate successful action Table 1- 3 2xx success codes Status code Description 200 OK 2 01 Created 202 Accepted 203... codes The client must take additional action to complete the request Table 1- 4 lists redirection codes The Rise of the Web | Download at Boykma.Com 7 Table 1- 4 3xx redirection codes Status code Description 300 Multiple Choices 3 01 Moved Permanently 302 Moved Temporarily (HTTP /1. 0) 302 Found (HTTP /1. 1) 303 See Other (HTTP /1. 1) 304 Not Modified 305 Use Proxy (Many HTTP clients, such as Mozilla and Internet... resource Figure 1- 1 shows an HTTP request Finally, he indicated his preference for protocol type and version to use for the transaction The method was not complete until he terminated the line with a carriage return and line feed (CRLF) The Rise of the Web | Download at Boykma.Com 3 Request The Internet Client Server HTTP request GET classic.html HTTP /1. 1 Host: www.secrsite.com Figure 1- 1 An HTTP request... neatly bundled package that contained some information about how the server handled the request, and the requested resource Figure 1- 2 shows an HTTP response Response Client The Internet Server HTTP response HTTP /1. 1 200 OKContent-type: text/html Content-length: 14 06 … Figure 1- 2 An HTTP response (simple) *Click* Now the transaction is over, and I mean over Jim asked for his resource and got it Finito... concerning this book to the publisher: O’Reilly Media, Inc 10 05 Gravenstein Highway North Sebastopol, CA 95472 800-998-9938 (in the United States or Canada) 707-829-0 515 (international or local) 707-829- 010 4 (fax) We have a web page for this book, where we list errata, examples, and any additional information You can access this page at: http://www.oreilly.com/catalog/9780596529 314 To comment or ask technical... terminal window and use good ol’ telnet Jim types: $telnet www.somewebsite.com 80 GET classic.html / HTTP /1. 1 and gets back: Trying xxx.xxx.xxx.xxx Connected to www.somewebsite.com (xxx.xxx.xxx.xxx) Escape character is '^]' HTTP /1. 1 200 OK Date: Fri, 08, Sep 2006 06:03:23 GMT Server: Apache/2.2 .1 BSafe-SSL/2.3 (Unix) Content-type: text/html Content-length: 236 Classic Web Page... significant amount of example code from this book into your product’s documentation does require permission We appreciate, but do not require, attribution An attribution usually includes the title, author, publisher, and ISBN For example: Securing Ajax Applications by Christopher Wells Copyright 2007 Christopher Wells, 978-0-596-529 31- 4.” If you feel your use of code examples falls outside fair use or... 5, A Weak Foundation Explores the major protocols associated with web applications, where the seams are, what the possible attack vectors might be, and some recommended countermeasures to help make applications more secure Chapter 6, Securing Web Services Looks at how web services work, the moving parts, how web technologies such as Ajax can fit in, and what major areas require security attention Chapter... knowledgeable group of people It is truly an honor working with you all Preface | Download at Boykma.Com xiii Download at Boykma.Com Chapter 1 CHAPTER 1 The Evolving Web 1 People are flocking to the Web more than ever before, and this growth is being driven by applications that employ the ideas of sharing and collaboration Web sites such as Google Maps, MySpace, Yahoo!, Digg, and others are introducing . . . . . . . . . . . . . . 13 0 HTTP Vulnerabilities 13 1 The Threats 13 6 JSON 14 3 XML 14 6 RSS 14 8 Atom 14 9 REST 15 2 Download at Boykma.Com viii | Table of Contents 6. Securing Web Services . . . . . . . . . . . 19 0 Web Applications and Open Internet APIs 19 1 Wild Web 2.0 19 2 Mashups and Security 19 4 Open Versus Secure 19 8 A Security Blanket 19 9 Case Studies 2 01 Index . . . . . . . . . . . . . . . . . . . . . 17 4 Building Your Own APIs 17 4 Preconditions 17 9 Postconditions 18 0 Invariants 18 0 Security Concerns 18 1 RESTful Web Services 18 3 8. Mashups . . . . . . . . .