HTTP works making use of port number 80. Security testers have it in their repertoire to take away info from web servers with the help of HTTP commands. Some of the most common errors found while using the internet are HTTP client errors, such as the “404 Not Found” error. Basic knowledge regarding HTTP is useful for security testers and this is quite manageable as it is not necessary to learn how to use a lot of codes to extract data from web servers. If the return codes of a given web server are known, it can be determined what operating system (OS) is being used on the system on which the security testing is being done. Some of the most common HTTP client errors are discussed below.
The “400 Bad Request” is when the request cannot be understood by the server. The “401 Unauthorized” is for the request requiring authentication. The “402 Payment Required” is for reservation for future usage. The “403 Forbidden” is for when the server understands the requiest but is still refusing to comply. The “404 Not Found” is for when the request is not matched. “405 Method Not Allowed” is for requests not being allowed for some resource. “406 Not Acceptable” is for unacceptable requests. “407 Proxy Authentication Required” is for clients who have to authenticate using proxies. “408 Request Timeout” is for when the request is not made in the time allotted. “409 Conflict” is for inconsistency not allowing the request to be completed. “410 Gone” is for resources that are no longer available. “411 Length Required” is for when the length needs to be defined. “412 Precondition Failed” is for request header fields that are false. “413 Request Entity Too Large” is for too-large-to-be-processed requests. And the “414 Request-URI” is for a Requet-URI that is too long for the server to accept.
