ETHICAL HACKING NET-185-001N Week 14
This week, I've learned about a variety of things.
I learned more about the QUIC protocol, which came from 'Quick UDP Internet Connections' (which is an accurate and concise description of it), although it is merely used as a name now. It was created by Google, which has created a lot of innovative web technologies. Ars Technica had an article on it a while back: 'The next version of HTTP won't be using TCP | Ars Technica'.
I also learned of Google Gruyere, which is named for a type of cheese from the Franco-Swiss border regions. https://google-gruyere.appspot.com. It is a website designed to be used for learning about attacks on websites, including through manipulating the website in ways that wouldn't be legally allowed without permission.
I was aware of traversing different parts of websites through manipulating the URLs (http://www.homestarrunner.com/sbemail100.html is a clever example of a joke; the real content is at http://www.homestarrunner.com/sbemailahundred.html instead). I had also heard of SQL injection, although I had mostly heard of it being done through text fields of form submissions rather than URLs.
I have also noticed that different web servers identify themselves (particularly nginx, which seems to be quite popular), especially when the website is down for some reason, usually an error or sometimes maintenance, or if you try to visit a page that doesn't exist. Sometimes the page states what operating system the web server software is running on, which is frequently Debian, although I know Ubuntu and BSD are also popular choices.
It was quite common in the past for people learning about web development to view the source code of web pages to learn how they worked (and many still do when it is useful), but many pages now rely heavily on remotely generated content using PHP or some other language and a veritable spaghetti of JavaScript, frequently involving WordPress plug-ins as well (https://wordpress.org) or using tools like Squarespace (https://www.squarespace.com).