"Notes" NetEase micro-professional-web safety Engineer -01.web Basic knowledge

Course Overview:

This lesson is the basis of the basic, easy to understand the nature of the web and the basic knowledge of web development. For the Web small white, it is recommended to learn from the beginning; For those who already have a certain basic knowledge of the web, it is recommended to quickly over and tamp the foundation.

Course Outline:

Chapter One introduction to the Web

The first section. Web Introduction

The second section. Web Communication

Chapter II Basic knowledge of web development

Section I. Front-end Development Basics--html

Section II. Front-end Development Foundation--javascript

The third section. Web server-side environment

Section fourth. Backend Development Foundation--sql

Section fifth. Backend Development Foundation--php

NOTES: what is 1.1.1 www?

WWW is the abbreviation of Global Information Network (World Wide Web), the Chinese is called the WWW, the famous w3cschool in the World Wide Web represents the "WWW alliance". The role of WWW is to allow Web clients (browsers) to access content on the Web server. In the World Wide Web system, each useful thing, called a "resource (Resource)", is identified by a "global Uniform Resource Identifier (Uri:uniform Resource Identifier)", and the user locates and obtains the resource by clicking on the link, which is called " URL protocol (Uniform Resource Locator) ", and these resources are transmitted to the user through the Hypertext Transfer Protocol (hypertext Transfer Protocol).

what are 1.1.2 web1.0 and web2.0?

web1.0: Content-centric, Web site provides content information, user access to read, information one-way transmission, typically have a portal site and personal site;

web2.0: People-centric, users can add content, communication and interaction with each other, typically have Weibo and blog;

WEB3.0: The current concept of fire, but not a clear definition of unity. A common concept is that the Web site in turn becomes the user's needs understanding and provider, taking the "Semantic Web" as an example: by adding semantic "metadata" (meta data) that can be understood by the computer to a document on the World Wide Web (html/xml, etc.), making the entire Internet a universal information exchange medium.

And as the web evolves from 1.0 to 2.0, common Web attack methods also extend from SQL injection and upload vulnerabilities to XSS,CSRF and other client-side means.

Client/Front end: Fishing, dark chain, XSS, CSRF, click Hijacking, URL jump, etc.

Server/backend: SQL injection, command injection, file upload, file inclusion, brute force hack, etc.

1.2.1 What happens when we access URLs through a browser?

A. The DNS server resolves the domain name to an IP address;

B. The browser sends an HTTP request to the Web server;

C. The server receives the request and processes it;

D. The Web server returns an HTTP response to the browser;

E. The browser decodes and renders the received response and content;

1.2.2 URL Protocol

Uniform Resource Locator, locating the server's resources

schema://host[:p ort#]/path/.../[?query-string][#anchor]

Schema: The underlying protocol, common http/https/ftp and so on; Host: the domain name or ip;port:http default is 80;query-string: Data sent to the server; Anchor: Anchor Point;

1.2.3 HTTP protocol

Hypertext Transfer Protocol, Transport server resources

HTTP request: Request line, message header (blank line), request data;

HTTP response: Status line, message header (blank line), response data;

HTTP request method: Get,post,head + options,put,delete,trace,connect.

HTTP status code: Learn about common status codes, ok,302 found,403 forbidden,404 not found,500 Internal server error,503 server unavailable.

2.1 html/js/sql/php

Online Learning: W3school

Practice Tool: Phpstudy

Web Security related points:

HTML: Elements (Annotations/images/links/forms/Inline frame iframe), tags, attributes (tags name/id etc.; event Onload/onerror/onclick, etc.), DOM (Document Object Model);

Js:html DOM (Get elements, locate content, make modifications), Bom/browser Object Mode (Alert/confirm/prompt;document.cookie, etc.);

SQL: Learn basic statements, and learn about common built-in functions;

Php:$_request,$_files,$_server, etc.;

2.2 Current popular architectures

	OS	Web Services	Interpreting the execution Environment	Database Services
. NET	Windows Server	Iis	ASP (. NET)	SQL Server
LAMP	Linux	Apache	Php	Mysql
J2ee	Unix/windows	Tomcat/weblogic	Jsp	Oracle

"Notes" NetEase micro-professional-web safety Engineer -01.web Basic knowledge