Abstract
With massive amounts of information being communicated and served over the Internet these days, it becomes crucial to provide fast, effective, and secure means to transport and save data. The previous versions of the Hyper Text Transfer Protocol (HTTP/1.0 and HTTP/1.1) possess some subtle as well as several conspicuous security and performance issues. They open doors for attackers to execute various malicious activities [1]. The final version of its successor, HTTP/2.0, was released in 2015 to improve upon these weaknesses of the previous versions of HTTP. This paper discusses the issues present in HTTP/1.1 by simulating attacks on the vulnerabilities of the protocol and tests the improvements provided by HTTPS and HTTP/2.0. A performance and security analysis of myriad of commonly used Websites has been done. Some of the measures that a Website must take to provide excellent performance and utmost security to its users have also been proposed in this paper.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Fielding, R., Berners-Lee, T.: RFC 2616—Hypertext Transfer Protocol–HTTP/1.1, https://tools.ietf.org/html/rfc2616#page-7.
History of the Web. (2017). World Wide Web Foundation. Retrieved 10 September 2016, from http://webfoundation.org/about/vision/history-of-the-web/.
Berners Lee, T.: Hyper Text Transfer Protocol, https://www.w3.org/History/19921103hypertext/hypertext/WWW/Protocols/HTTP.html.
Podila, P.: HTTP: The Protocol Every Web Developer Must Know—Part 1, https://code.tutsplus.com/tutorials/http-the-protocol-every-web-developer-must-know-part-1–net-31177.
Jon C. R. Bennett; Craig Partridge; Nicholas Shectman (December 1999). “Packet reordering is not pathological network behavior”. IEEE/ACM Transactions on Networking. 7 (6): 789–798. https://doi.org/10.1109/90.811445.
Rouse, M.: Transport Layer Security (TLS), http://searchsecurity.techtarget.com/definition/Transport-Layer-Security-TLS.
Prusty, N.: What is Multiplexing in HTTP/2?, http://qnimate.com/what-is-multiplexing-in-http2/.
Clark, J.: SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. IEEE Symposium on Security and Privacy (2013).
Wireman, M.: CSRF and XSS: A Lethal Combination—Part I, http://resources.infosecinstitute.com/csrf-xss-lethal-combination/#gref.
Chauhan, S.: Cross-Site Scripting (XSS), http://resources.infosecinstitute.com/cross-site-scripting-xss/#gref.
Usage Statistics of HTTP/2 for Websites, March 2017, https://w3techs.com/technologies/details/ce-http2/all/all.
HTTP/2: In-depth analysis of the top four flaws of the next generation web protocol. Imperva (2017).
Gmarkham: Same Origin Policy—Web Security, https://www.w3.org/Security/wiki/index.php?title=Same_Origin_Policy&oldid=2.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Aakanksha, Jain, B., Saxena, D., Sahni, D., Sharma, P. (2019). Analysis of Hypertext Transfer Protocol and Its Variants. In: Panigrahi, B., Trivedi, M., Mishra, K., Tiwari, S., Singh, P. (eds) Smart Innovations in Communication and Computational Sciences. Advances in Intelligent Systems and Computing, vol 670. Springer, Singapore. https://doi.org/10.1007/978-981-10-8971-8_17
Download citation
DOI: https://doi.org/10.1007/978-981-10-8971-8_17
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8970-1
Online ISBN: 978-981-10-8971-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)