Fundamentals of the Web - Technologies, Protocols and More

Basic knowledge of the web goes a long way toward making someone a good web tester. We browse many web pages every day, but we rarely look at how they are created. The World Wide Web is a way of exchanging information between computers on the Internet. Many technologies, protocols, servers and other components are involved in developing a web application.

ASP.NET, a part of the .NET Framework, can be used to create anything from small, personal websites through to large, enterprise-class web applications. Visual Basic, C#, JScript .NET, and J# (or any language compatible with the common language runtime) can be used for development. ASP.NET Web pages are completely object-oriented. Within ASP.NET Web Pages, you can work with HTML elements using properties, methods, and events.

Proxy Server:
In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user. To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server.

Cache is a French word meaning 'to store'. A cache is useful for making pages load faster, reducing wide-area bandwidth usage, and reducing the load placed on the origin server. The downside is that it might return out-of-date information to users. Sometimes the cache may not be able to reach the server to return data.
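The request flow described above (filter, look in the cache, otherwise fetch as a client) and the out-of-date trade-off can be seen in a small simulation. This is an added example, not code from the original post; the class name, the time-to-live policy, the status labels and the sample URLs are assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

class CachingProxy:
    """Toy forward proxy: filter, answer from cache, else fetch from origin."""

    def __init__(self, fetch, blocked_hosts, ttl_seconds, clock=time.monotonic):
        self.fetch = fetch                 # callable(url) -> body; stands in for the Internet
        self.blocked = set(blocked_hosts)  # filtering requirements (hypothetical policy)
        self.ttl = ttl_seconds             # how long a cached copy counts as fresh
        self.clock = clock
        self.cache = {}                    # url -> (body, time stored)

    def handle(self, url):
        """Return (status, body) for one client request."""
        if urlsplit(url).hostname in self.blocked:
            return ("blocked", None)       # fails filtering, never forwarded
        now = self.clock()
        entry = self.cache.get(url)
        if entry and now - entry[1] < self.ttl:
            return ("hit", entry[0])       # served locally, origin not contacted
        try:
            body = self.fetch(url)         # proxy acts as the client
        except ConnectionError:
            # Origin unreachable: an expired copy is all the proxy has left.
            return ("stale", entry[0]) if entry else ("error", None)
        self.cache[url] = (body, now)
        return ("miss", body)

def demo():
    """Constructed scenario: the page changes at the origin while a copy is cached."""
    url = "http://intranet.example/news"
    origin = {url: "version 1"}                    # constructed sample data
    now = [0.0]                                    # fake clock, in seconds
    proxy = CachingProxy(origin.__getitem__, {"blocked.example"}, 60,
                         clock=lambda: now[0])
    results = [proxy.handle(url)]                  # miss: fetched and cached
    origin[url] = "version 2"                      # origin updates the page
    results.append(proxy.handle(url))              # hit: user still sees version 1
    now[0] = 61.0                                  # cached copy has expired
    results.append(proxy.handle(url))              # miss: refetched, version 2
    results.append(proxy.handle("http://blocked.example/"))
    return results

if __name__ == "__main__":
    for status, body in demo():
        print(status, body)
```

The time-to-live bounds how long a user can be shown an out-of-date page; a shorter value trades bandwidth savings for freshness.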

What is a web protocol?
When two or more computers communicate over the Internet, they must have a common way in which to communicate. They use a protocol to do it. Simply put, a protocol is an agreement by which two or more computers can communicate.

Transmission Control Protocol/Internet Protocol (TCP/IP) is the set of Internet communication protocols.
Transmission Control Protocol (TCP) breaks data into small pieces (called packets) of no bigger than 1500 characters each. Each packet is inserted into a different Internet Protocol (IP) "envelope." Each contains the address of the intended recipient and has the exact same header as all other envelopes. A router receives the packets and then determines the most efficient way to send the packets to the recipient. Upon arrival at their destination, TCP checks the data for corruption against the header included in each packet. If TCP finds a bad packet, it sends a request that the packet be re-transmitted.
A numeric IP address (a 32-bit address made up of four 8-bit numbers (2^8) separated by periods, each with a value between 0 and 255) works perfectly well as a web address. However, Uniform Resource Locators (URLs) are used instead of IP addresses because they are more user-friendly. So when a human types a URL into a browser, the request is sent to a Domain Name Server (DNS), which then translates the URL to an IP address understood by computers.

Simple Mail Transfer Protocol (SMTP) is the network protocol used to send email across the Internet. The messages can then be retrieved with an e-mail client using either POP or IMAP (POP, the Post Office Protocol, and IMAP, the Internet Message Access Protocol, are protocols for retrieving e-mail from a server).

HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Whenever you surf the web, your browser sends HTTP request messages for HTML pages, images, scripts and style sheets. Web servers handle these requests by returning response messages that contain the requested resource.
Plain HTTP is not suitable for use in a wide range of applications because it can be easily monitored and replayed. For example, someone using a network monitor can easily capture passwords used to access a banking web site. So, HTTP supports the use of several authentication mechanisms to control access to pages and other resources. HTTPS runs over an encrypted SSL session (HTTP over SSL (Secure Sockets Layer)). So, if the website address begins with https:// instead of http://, it is a secure site. Client and server need to create a shared secret key by using a public/private key handshake. Typically, HTTP data is sent over TCP/IP port 80, whereas SSL HTTP data is sent over port 443.
Does a website have a secure connection or not?
In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar.
For example, this website is not secure. The Security Status bar is red, and there is a certificate error instead of the lock icon.

This website is secure. It has a white Security Status bar, which means it has a normal validation certificate, and the lock icon is shown.

This website is secure. It has a green Security Status bar, which means it has an extended validation certificate.

Colors in the Security Status bar: what do they mean?
Red: The certificate is out of date, invalid, or has an error. For more information, see "About Certificate Errors" in Related Topics.
Yellow: The authenticity of the certificate or certification authority that issued it cannot be verified. This might indicate a problem with the certification authority's website.
White: The certificate has normal validation. This means that communication between your browser and the website is encrypted. The certification authority makes no assertion about the business practices of the website.
Green: The certificate uses extended validation. This means that communication between your browser and website is encrypted and that the certification authority has confirmed the website is owned or operated by a business that is legally organized under the jurisdiction shown in the certificate and on the Security Status bar. The certification authority makes no assertion about the business practices of the website.

File Transfer Protocol (FTP), a standard Internet protocol, is the simplest way to exchange files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an application protocol that uses the Internet's TCP/IP protocols. FTP is commonly used to transfer Web page files from their creator to the computer that acts as their server for everyone on the Internet. It's also commonly used to download programs and other files to your computer from other servers.

Dynamic Host Configuration Protocol (DHCP) is a standard protocol defined by RFC 1541 (which is superseded by RFC 2131) that allows a server to dynamically distribute IP addressing and configuration information to clients. Normally the DHCP server provides the client with at least this basic information: IP address, subnet mask, and default gateway. Other information can be provided as well, such as Domain Name Service (DNS) server addresses and Windows Internet Name Service (WINS) server addresses. The system administrator configures the DHCP server with the options that are parsed out to the client.

Session:
Session management entails the application sending the client (in most cases, a web browser) a session token after successful authentication. In most cases, this token is passed via the Set-Cookie directive of HTTP and is stored on the client. The session token must then be sent by the client along with every HTTP request to the server to identify itself to the web-based application. The application can then determine whether the client is authorized to access the page being requested.
Once a user has authenticated herself to the web server, her next HTTP request (GET or POST) should not cause the web server to ask her for her account and password again. For a discussion of the methods used to accomplish this please see HTTP cookie.
The session information is stored on the web server using the session identifier (session ID) generated as a result of the first (sometimes the first authenticated) request from the end user running a web browser. The web server stores session IDs and the associated session data (user name, account number, etc.).
A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identify individual users. Cookies are usually used to represent or reference private information.
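The session flow described in this section (token issued with Set-Cookie after authentication, session data kept on the server, token re-sent with each request) looks like this in a small sketch. This is an added example, not code from the original post; the cookie name "sid", the function names and the user "alice" are assumptions, and the authentication step itself is left out.

```python
import secrets
from http.cookies import SimpleCookie, CookieError

SESSIONS = {}          # server-side store: session ID -> session data
COOKIE_NAME = "sid"    # hypothetical cookie name

def create_session(username):
    """Call after successful authentication; returns the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)            # random token, infeasible to guess
    SESSIONS[sid] = {"user": username}         # the data itself stays on the server
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True     # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True       # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"    # withheld on most cross-site requests
    return cookie[COOKIE_NAME].OutputString()

def _session_id(cookie_header):
    """Extract the session ID from a Cookie request header, or None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None

def authorize(cookie_header):
    """Map the Cookie request header to session data, or None if unknown."""
    return SESSIONS.get(_session_id(cookie_header))

def logout(cookie_header):
    """Invalidate on the server so a captured token stops working."""
    SESSIONS.pop(_session_id(cookie_header), None)

def demo():
    set_cookie = create_session("alice")           # constructed user
    cookie_header = set_cookie.split(";")[0]       # what the browser sends back
    before = authorize(cookie_header)              # known token: session found
    forged = authorize(COOKIE_NAME + "=guessed")   # unknown token: rejected
    logout(cookie_header)
    return set_cookie, before, forged, authorize(cookie_header)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because the cookie only carries the random ID, the private data it references never leaves the server, and deleting the server-side entry ends the session regardless of what the client still holds.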

1 comment:

Anonymous said...

This is a wonderful piece of basic introduction to WWW. I am a Lecturer for Basics of Web Technologies; and I found this piece a nice one for my students.