As I continue on my first week at Sucuri, the global website security company, I realize that there are things I really need to fix in relation to my own websites. I have a few different properties that I manage. Being AJiLe is just one of them, but I do have a small business website, several blogs, my music, and my portfolio all hosted with 1&1 hosting (which is a shared account, not ideal!).
The more I move through my training plan that’s been outlined for me, the more I realize the importance of security, even if you have a simple blog that’s read by 7 people out there. Which is probably how many regular readers I have.
This is going to be a series on web security. And I’ll tag it as such, but I wanted to quickly start off with super basic fundamentals on how the internet and world wide web work. Because make no mistake—those are separate things!! Yes, the web is NOT the internet, it’s a part of the internet, but not the same.
The Internet: a massive networking infrastructure that connects millions of computers globally.
The World Wide Web (aka The Web): a way of transmitting and receiving data using certain protocols, like HTTP (Hyper Text Transfer Protocol—the standard protocol for transferring data over the web).
I know, right? You thought it was the same thing. Yeah, I kinda did too, just don’t tell anyone.
So, with that in mind, there are two different components that are imperative to communications over the web: clients and servers. Clients are pretty much you right now. If you’re reading this post on a Mac, or iPhone, or PC — then your device is acting as a client. A client really is any device that requests and renders web content.
On the flip side, there need to be servers, which are applications that deliver web content to clients. Now technically, and this is where it gets tricky, you could potentially turn your computer into a server with the right type of software installed, and you could deliver web content if you truly wanted to.
Now let’s take a look at a URL, also known as a Uniform Resource Locator. It’s that link that you type into your address bar, which I’m sure you all know. But do you know how it works? ’Cause it’s pretty cool! Well, let’s break it down… When you type a link into the address bar, the browser goes to locate the requested content. The request first passes through a DNS (or Domain Name Server), which translates that URL into an IP address. All domains have their own IP address, something like 218.104.22.1684, but if you had to remember that every time you wanted to find a site, that would suck! And not be very fun! So URLs were invented to be a human-readable way to remember web addresses. Pretty neat, huh?
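To make the breakdown concrete, here is an added example (not from the original post) that splits a URL into the pieces the client uses at each step: the name handed to DNS, the port it connects to, and the HTTP request it sends. The hostname `blog.example`, the address `192.0.2.10` and the function names are made up for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def plan_request(url):
    """Break a URL into the pieces the client uses at each step."""
    parts = urlsplit(url)
    host = parts.hostname                  # lower-cased, no port, no brackets
    if parts.scheme not in DEFAULT_PORTS or not host:
        raise ValueError("not an http(s) URL: %r" % url)
    try:
        ipaddress.ip_address(host)         # already an IP address: no lookup
        dns_name = None
    except ValueError:
        dns_name = host                    # only this part is sent to DNS
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    # The fragment (#...) is handled by the browser and is never sent.
    host_header = "[%s]" % host if ":" in host else host
    if parts.port:
        host_header += ":%d" % parts.port
    request = "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, host_header)
    return {"dns_name": dns_name, "port": port,
            "encrypted": parts.scheme == "https", "request": request}

def resolve(name):
    """Ask the system resolver (which speaks DNS) for the name's addresses."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # Constructed sample URL; "localhost" resolves without network access.
    print(plan_request("https://blog.example/posts/web-basics?page=2#intro"))
    print(resolve("localhost"))
```

Only the hostname goes to DNS; the path and query string travel inside the HTTP request, which is why they are protected only when the scheme is `https`.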
There are a lot of different protocols for transmitting/transferring data over the web, but here are a few:
- HTTP – Hyper Text Transfer Protocol — the standard protocol for transferring data over the web. It’s considered a “stateless” protocol, which means that once the connection is made, it’s forgotten about, which makes it great for the web because it doesn’t use a continual amount of bandwidth.
- TCP/IP – Transmission Control Protocol / Internet Protocol — first networking protocol defined as the standard.
- RTP – Real-time Transfer Protocol — standard protocol used for video and audio.
- SMTP – Simple Mail Transfer Protocol — standard for sending and receiving emails, but if you want encrypted emails you’ll need to enable PGP (or Pretty Good Privacy – I’ll write about this in another post ’cause it’s pretty dang cool. I sent my first encrypted email just the other day!)
Now, browsers pretty much have all the same components across the board. That is not to imply they’re equal. I very much like Chrome, but I know others who love Firefox and Safari. However, I don’t know many people who like Internet Explorer. I know people who use it, but I don’t think they like it!
COMPONENTS OF A BROWSER:
- Browser User Interface: this is stuff you see – the bookmarks bar, address bar, the window, visual elements, etc.
- Internal Engine: this is what you don’t see that directs communication across the various components.
- Rendering Engine: now this is different for each browser. For example, Firefox uses the Gecko rendering engine and Chrome uses the Blink rendering engine. That’s why when web dev shops build a website they have to test all these different browsers to make sure things are rendering properly. It’s a pain, but these are getting more standardized!
- Networking: the protocols used.
- Data Storage: internal data storage and session management capabilities, usually in the form of cookies.
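Because HTTP is stateless, the cookies in the browser's data storage are what let a server recognize a returning visitor. The following added example (not from the original post) simulates both sides with plain strings and no network; the cookie name `sid`, the host `blog.example` and all function names are made up for illustration.

```python
import secrets

def header_values(message, wanted):
    """Yield the value of every `wanted` header in a raw HTTP message."""
    for line in message.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == wanted:
            yield value.strip()

def body(message):
    return message.split("\r\n\r\n", 1)[1]

def handle(request, sessions):
    """Toy server: everything it knows about the client is in this request."""
    sid = None
    for value in header_values(request, "cookie"):
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key == "sid":
                sid = val
    if sid in sessions:                      # known visitor: cookie matched
        sessions[sid] += 1
        return "HTTP/1.1 200 OK\r\n\r\nvisit %d" % sessions[sid]
    sid = secrets.token_urlsafe(32)          # new, unguessable session id
    sessions[sid] = 1
    cookie = "Set-Cookie: sid=%s; HttpOnly; Secure; SameSite=Lax" % sid
    return "HTTP/1.1 200 OK\r\n%s\r\n\r\nvisit 1" % cookie

def get(path, jar):
    """Toy client: sends back whatever its cookie storage (jar) holds."""
    lines = ["GET %s HTTP/1.1" % path, "Host: blog.example"]
    if jar:
        lines.append("Cookie: " + "; ".join("%s=%s" % kv for kv in jar.items()))
    return "\r\n".join(lines) + "\r\n\r\n"

def remember(response, jar):
    """Toy client: store any cookie the server set."""
    for value in header_values(response, "set-cookie"):
        key, _, val = value.split(";")[0].strip().partition("=")
        jar[key] = val

if __name__ == "__main__":
    sessions, jar = {}, {}
    print(body(handle(get("/", {}), sessions)), body(handle(get("/", {}), sessions)))
    for _ in range(3):
        response = handle(get("/", jar), sessions)
        remember(response, jar)
        print(body(response))
```

Whoever holds the `sid` value is the visitor as far as the server can tell, which is why the cookie is random and marked `HttpOnly` and `Secure`.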
Let’s talk a little about web standards
Web standards are one of those things that really have evolved in a short amount of time. Back in the 1990s there was a browser war going on between Netscape Navigator and Internet Explorer. It was a war for market dominance! But what happened was that each browser (or team) kept coming out with proprietary features, making website building very difficult!
So, a group of web developers and designers got together and started W3C, the World Wide Web Consortium, to issue “recommendations” to each company making browsers to make things easier for the web development community. It promoted and encouraged the use of standards-compliant browsers. Because in the wild west world that was the web in the 90s, it really needed some law and order. And it got it. Now we have standards and most companies follow them. I’m a big fan of standards, and I think they’ll continue to evolve and get better.
You can always check out the Web Standards Project to see the cool things they continue to do. Today, the big thing in web standards is accessibility. So, if you have a site, try to make it web accessible. That means putting in alt image text tags, using skip links, etc. To learn more about web accessibility, check out The A11Y Project — be a part of it!
That’s what I got for you on this post, but have no fear, I will be back next week to tell you more of my exploits and education as I continue down the journey to be the most knowledgeable web security consultant out there!