Security Weaknesses in HTTP

Insecure Communication in HTTP

HTTP (Hypertext Transfer Protocol) is the protocol that web browsers and servers use to communicate. When it is used without any security measures, however, it is insecure. HTTP communication can be intercepted because it transfers data in plain text. This means that an attacker on the network can easily read sensitive information such as passwords and personal details. This weakness is especially dangerous on public networks and unsecured Wi-Fi.

Lack of Encryption in HTTP

The lack of encryption in HTTP is a major security flaw. When you use HTTP, the data is not encrypted, so an attacker who intercepts the communication can read it easily. The solution is HTTPS (Hypertext Transfer Protocol Secure), which uses SSL/TLS encryption to secure the data. Plain HTTP has no such feature, so intercepted data is readable as it is.

No Authentication in HTTP

HTTP has no authentication mechanism. When you use HTTP, the server has no way to verify who sent a request. This means attackers can easily send fake requests or spoof your server. An authentication system that lets servers know whether a request is genuine is therefore essential. With HTTPS, you can authenticate through SSL certificates.

Vulnerabilities to Man-in-the-Middle Attack in HTTP

A Man-in-the-Middle (MITM) attack is one in which the attacker intercepts the communication between you and the server and reads or modifies the data. The risk of such attacks is higher with HTTP because the communication is not encrypted and the attacker can easily manipulate the data. When data is encrypted, MITM attacks are prevented, which is why using HTTPS is essential.

Session Hijacking in HTTP

Session hijacking is an attack in which the attacker steals a user's session and performs actions on that user's behalf. This attack is easy over HTTP because HTTP sends session cookies in plain text. If the attacker obtains these cookies, they can hijack your session. To prevent this, session cookies should be secure and encrypted, which is possible with HTTPS.

Absence of Data Integrity Check in HTTP

HTTP performs no data integrity check. When data is transferred, nothing ensures that it has not been modified. If an attacker intercepts the network traffic and changes the data, the server cannot tell. HTTPS includes data integrity checks, which solve this problem and protect the data from modification.

HTTP Headers and Security Vulnerabilities

  • X-Frame-Options: This header tells the browser whether the page may be loaded in an iframe. In HTTP, this header is not set by default, which can allow clickjacking attacks.
  • X-XSS-Protection: HTTP has no default XSS (Cross-Site Scripting) protection mechanism, which can give attackers an opportunity to inject malicious scripts. This header is better implemented in HTTPS.
  • Strict-Transport-Security (HSTS): This HTTP header tells the browser to use only HTTPS from now on. This header is not used in HTTP, which lets an attacker redirect a request to HTTP in place of HTTPS.
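
As an added example (not part of the original page), the Python sketch below audits a response head for the three headers listed above and for the Secure attribute on session cookies discussed under Session Hijacking. The sample responses, the function name audit_response and the finding strings are constructed for illustration.

```python
from email.parser import Parser

# Constructed sample response heads (not captured traffic).
PLAIN = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: text/html\r\n"
         "Strict-Transport-Security: max-age=31536000\r\n"
         "Set-Cookie: SESSIONID=abc123; Path=/\r\n\r\n")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html\r\n"
            "X-Frame-Options: DENY\r\n"
            "X-XSS-Protection: 1; mode=block\r\n"
            "Strict-Transport-Security: max-age=31536000\r\n"
            "Set-Cookie: SESSIONID=abc123; Path=/; Secure\r\n\r\n")


def audit_response(raw_head, scheme):
    """Return findings for one response head fetched over `scheme`."""
    _status, _, header_block = raw_head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    if scheme != "https":
        findings.append("plain HTTP: readable and modifiable in transit")
    # X-XSS-Protection is a legacy header; checked because the page lists it.
    for name in ("X-Frame-Options", "X-XSS-Protection"):
        if headers.get(name) is None:
            findings.append(f"missing {name}")
    hsts = headers.get("Strict-Transport-Security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    elif scheme != "https":
        # Browsers ignore HSTS delivered over plain HTTP.
        findings.append("Strict-Transport-Security ignored over HTTP")
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {part.strip().lower() for part in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")
    return findings


if __name__ == "__main__":
    for label, head, scheme in (("plain", PLAIN, "http"),
                                ("hardened", HARDENED, "https")):
        print(label, audit_response(head, scheme) or "no findings")
```

The scheme argument matters because the same headers mean different things depending on transport: an HSTS header or a Secure cookie only protects the user once the response itself arrives over HTTPS.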

FAQs

HTTP is an insecure protocol that transfers data without encryption. It is exposed to data interception, man-in-the-middle attacks and session hijacking, and it lacks data integrity checks, all of which make it vulnerable.

HTTP does not encrypt data, so an attacker who intercepts your communication can easily read it. The solution is HTTPS, which uses SSL/TLS encryption.

A Man-in-the-Middle attack is one in which the attacker intercepts the communication between you and the server. This attack is common with HTTP because the data is not encrypted and the attacker can easily manipulate the communication.

To make HTTP secure, you should use HTTPS, which secures the data through SSL/TLS encryption. Plain HTTP carries security vulnerabilities such as the risk of data interception and modification.

HTTP carries a risk of session hijacking because HTTP cookies are transferred in plain text. If an attacker obtains these cookies, they can hijack your session. Session security is better with HTTPS.

In HTTP, some important security headers that help prevent attacks, such as X-Frame-Options, X-XSS-Protection and Strict-Transport-Security, are absent by default. These headers are implemented more securely in HTTPS.