Weaknesses of HTTP
HTTP is a stateless, clear-text protocol
- Statelessness makes man-in-the-middle type attacks much easier
- Clear-text means that it is trivial for a man-in-the-middle to analyze the interaction between the client and server in real time. The attacker can capture cookies used for authentication, login names, passwords and other information passed in forms
- It's not easy to properly escape HTML tags in text that is intended to be displayed "as-is"
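
Added example (not part of the original slide) showing why escaping text for "as-is" display is easy to get wrong: a bracket-only escaper is compared with Python's `html.escape` on constructed sample strings. The helper names, the template and the samples are assumptions made for illustration.

```python
import html

def naive_escape(text):
    # Common incomplete approach: only the angle brackets are handled.
    return text.replace("<", "&lt;").replace(">", "&gt;")

def escape_for_html(text):
    # html.escape replaces & first, then < and >, and with quote=True
    # also the double and single quote characters.
    return html.escape(text, quote=True)

def render_comment(text, escaper):
    # Hypothetical template: the same untrusted text goes into an element
    # body and into a double-quoted attribute value.
    safe = escaper(text)
    return '<p title="{0}">{0}</p>'.format(safe)

def attribute_intact(rendered):
    # The template itself contains exactly two double quotes. Any extra
    # one means the text closed the attribute value early.
    return rendered.count('"') == 2

def displays_as_is(text, escaper):
    # html.unescape decodes entities the way an HTML parser does, so this
    # checks that the reader sees exactly the characters that were typed.
    return html.unescape(escaper(text)) == text

# Constructed sample inputs, all benign text a user might want shown verbatim.
SAMPLES = [
    'Use <b> for bold & <i> for italics',
    'He said "hi" & left',
    'The entity &lt; displays as <',
]

def report():
    rows = []
    for s in SAMPLES:
        for name, fn in (("naive", naive_escape), ("full", escape_for_html)):
            rows.append((name, s, displays_as_is(s, fn),
                         attribute_intact(render_comment(s, fn))))
    return rows

if __name__ == "__main__":
    for name, s, as_is, attr_ok in report():
        print(f"{name:5} as-is={as_is!s:5} attribute-intact={attr_ok!s:5} {s}")
```

The bracket-only escaper fails in two different ways: the third sample is displayed with its literal `&lt;` turned into `<`, and the second sample's quotes end the attribute value early.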