Demo webpages for Web Security
This directory contains toy examples of webpages to illustrate some
features of the web -- or, more specifically, of HTTP, HTML
and URLs.
They are all bare-bones examples with just a few lines of
HTML to keep things as simple as possible and make the
fundamental concepts clear. Most webpages these days
use large JavaScript libraries (or JavaScript frameworks) to
make them look nicer. Web pages that include JavaScript
that is executed client-side in the browser are called
web apps.
The web page you are currently seeing is simply a directory
listing that is exposed to the internet by a web server: It
is the default behaviour of our university web server to display
the content of any README.html file present in a
directory, so the bottom part of this webpage is the
content of the file README.html
in the directory web-docs/websec/demo of my Linux home
directory.
Demos for lecture 1:
- demo_get_post.html
is a page with GET and POST requests to inspect in the
browser or using a proxy.
- demo_javascript.html
is a page with some simple JavaScript that uses the DOM API.
- demo_DOM.html
is a JavaScript demo that shows some more features of the DOM.
The button at the bottom of this page leads you to an
exercise to explore the capabilities of JavaScript
and the DOM from the console in your browser, including the
possibilities for so-called (reverse) tabnabbing attacks, where
JavaScript code can open new browser tabs or change existing
browser tabs to try to confuse the user.
Demos for lecture 2:
About the webpage you are seeing now:
~erikpoll/webdocs/demo
is simply a directory on the local file system of our Linux
server that is world-readable.
When you access the URL
http://www.cs.ru.nl/~erikpoll/websec/demo the web
server shows the directory listing of
~erikpoll/webdocs/demo (which you can see at the top of
the page)
and the content of the file called README.html
in that directory, if that file exists.