Introduction to HTTP

In this lesson, we'll give a brief overview to the HyperText Transfer Protocol.

We'll cover the following

HTTP is a thing of beauty. It is a protocol that has survived for longer than 20 years with very few changes.

As we saw in the previous chapter, browsers interact with web applications through the HTTP protocol, and this is the main reason we’re drilling down on the subject.

If users enter their credit card details on a website and an attacker is able to intercept the data before it reaches the server, we would definitely be in trouble. Understanding how HTTP works, how we can secure the communication between clients and servers, and what security-related features the protocol offers is the first step towards improving our security posture.

Semantics vs. technical implementation

When discussing HTTP we should always discern between the semantics and technical implementation, as they’re two very different aspects of how HTTP works.

The key difference between the two can be explained with a simple analogy; 20 years ago people cared about their relatives as much as they do now, even though the way they interact has substantially changed. 20 years ago, our parents would drive their car to their sister’s house in order to catch up and spend some quality time together. These days it’s more common to drop a message on WhatsApp, make a phone call, or use a Facebook group, things that weren’t always possible. This is not to say that people communicate or care more or less, but simply that the way they interact has changed.

HTTP is no different. The semantics behind the protocol haven’t changed much, but the technical implementation of how clients and servers talk to each other has been optimized over the years. If you look at an HTTP request from 1996 it will look very similar to the ones we saw in the previous chapter, even though the way those packets fly through the network is very different.

We’ll look at a quick overview of HTTP in the next lesson.

Get hands-on with 1200+ tech skills courses.