Last modified: January 27, 2025

This article is written in: 🇺🇸

Protocols

In today’s connected world, front-end developers do far more than style web pages and craft user interfaces. They also need to understand the underlying network protocols that shape how data travels between their applications and the servers that power them. By mastering the inner workings of protocols, developers can create more efficient, secure, and reliable experiences for users. This section explores some of the foundational concepts, tools, and processes that every front-end developer should know to ensure smooth communication between the front end and back end.

Foundational Concepts

Internet

The Internet is often called a “network of networks” because it consists of numerous smaller, interconnected networks run by private, public, academic, business, and government entities. This global system enables billions of devices to connect and exchange information at unprecedented speed and scale.

Simplified Internet Diagram:

[User Device]
     |
[Local Network]
     |
[Internet Service Provider (ISP)]
     |
[Internet Backbone]
     |
[Destination Server]

Browsers

A web browser is the user’s gateway to the World Wide Web. By sending requests (using protocols like HTTP or HTTPS) and interpreting the responses (usually HTML, CSS, and JavaScript), browsers present web pages in a form humans can interact with. Although browsers often look straightforward on the outside, they have a lot going on behind the scenes:

Different browsers, such as Google Chrome, Mozilla Firefox, Microsoft Edge, and Safari, each have their own unique features and optimizations. For web developers, browser developer tools are a vital resource. These tools allow you to inspect a webpage’s structure (DOM), view and modify CSS in real-time, debug JavaScript via a console, and examine HTTP requests to optimize performance.

Browser Architecture:

+------------------------------------------------------+
|                      Browser                         |
|------------------------------------------------------|
|  User Interface  |  Browser Engine  |  Data Storage  |
|------------------------------------------------------|
|            Rendering Engine (HTML/CSS)               |
|------------------------------------------------------|
|            JavaScript Interpreter (JS Engine)        |
|------------------------------------------------------|
|                    Networking                        |
+------------------------------------------------------+

DNS (Domain Name System)

The Domain Name System (DNS) transforms human-readable domain names (e.g., example.com) into machine-readable IP addresses (e.g., 192.0.2.1). Without DNS, users would have to memorize strings of numbers to access websites, which would be both unwieldy and impractical.

The DNS resolution process starts in your browser’s cache. If the address isn’t found there, the query moves to the operating system cache. If there is still no match, the request travels to the DNS resolver, which then queries root servers, TLD servers, and eventually the authoritative server for the domain. The resolver finally returns the correct IP address to your browser, enabling it to communicate with the website’s server.

DNS Query Flow Diagram:

[Browser]
   |
[DNS Resolver]
   |
[Root Server] -> [TLD Server] -> [Authoritative Server]
   |
[IP Address Returned]

Domain Name

A domain name is a website’s easy-to-remember address, allowing people to visit online resources without having to recall complex numerical IPs. A typical domain name (e.g., www.google.com) can be broken down into:

To illustrate, a typical domain name can be broken down like this:

[Subdomain].[Second-Level Domain].[Top-Level Domain]
    www             google               com

The domain name system is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN). TLD registries manage specific top-level domains, while registrars provide the interface for individuals and businesses to purchase and manage their domain names.

Domain Name System Hierarchy:

[.] (Root)
 |
[.com] (TLD)
 |
[example] (SLD)
 |
[www] (Subdomain)

Protocols in Action

HTTP (HyperText Transfer Protocol)

HyperText Transfer Protocol (HTTP) is the foundation of data exchange on the web, enabling the transfer of HTML and related media files between clients (like web browsers) and servers. Its request-response model lies at the heart of web interactions, allowing a client to request resources and a server to respond with the necessary data.

In the HTTP world, both requests and responses consist of specific parts:

Request (from the client):

Response (from the server):

Basic HTTP Methods:

Method Description
GET Retrieve resources without making any changes on the server.
POST Send data to create or update resources on the server.
PUT Replace or add a resource at a specified URL.
PATCH Modify parts of an existing resource.
DELETE Remove a resource identified by a specific URL.

HTTP Request-Response Cycle Diagram

[Client Browser] -- HTTP Request --> [Web Server]
                    <-- HTTP Response --

Detailed Examples of HTTP Methods

GET Method

The GET method simply fetches data from a server and is commonly used for retrieving webpages or requesting information without altering data on the server.

Sample HTTP GET Request:

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html

Sample HTTP GET Response:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 3057

<!DOCTYPE html>
<html>
...

When using command-line tools like curl, you can specify request headers and see the server’s response:

curl -i -H "Accept: application/json" -H "Content-Type: application/json" "https://api.github.com/users/octocat"

Example Response:

HTTP/2 200
{
  "login": "octocat",
  "id": 583231,
  "name": "The Octocat",
  ...
}

POST Method

The POST method is generally used when submitting data to the server, such as form information. It can also be employed to create new resources or update existing ones on the server side.

Using curl to send a POST request:

curl -X POST -H "Content-Type: application/json" -d '{"username":"testuser", "password":"testpassword"}' "https://reqbin.com/echo/post/json"

Example Response:

{
  "success": "true",
  "data": {
    "username": "testuser",
    "password": "testpassword"
  }
}

HTTP APIs and Standards

Over time, several standards and protocols have emerged for building APIs that communicate via HTTP. These standards guide how requests and responses are formatted and handled, fostering consistency and interoperability across various systems.

Protocol Year Description
XML-RPC 1998 A pioneering protocol for remote procedure calls, encoding requests and responses in XML.
SOAP 1999 A more complex XML-based protocol designed for exchanging structured information in web services.
REST 2000 An architectural style that uses standard HTTP methods to interact with resources in a stateless manner.
JSON-RPC 2005 Similar to XML-RPC but uses JSON for lightweight request and response formatting.
GraphQL 2015 A flexible query language for APIs that lets clients request only the data they need in a single endpoint.

REST (Representational State Transfer)

Representational State Transfer (REST) is an architectural style that takes full advantage of standard HTTP methods—such as GET, POST, PUT, and DELETE—to manage and manipulate resources. In RESTful APIs, each resource is associated with a unique URL (or endpoint), and the requested operation is determined by the HTTP method used. Because REST is built on top of HTTP, it benefits from the protocol’s simplicity, scalability, and widespread adoption, making it one of the most popular approaches to building modern web services.

Example REST APIs:

GET Request Example:

curl -i -H "Accept: application/json" -H "Content-Type: application/json" "https://jsonplaceholder.typicode.com/todos/3"

Response:

{
  "userId": 1,
  "id": 3,
  "title": "fugiat veniam minus",
  "completed": false
}

This example demonstrates retrieving a specific resource (in this case, a to-do item) using the GET method. Notice the response is in JSON, which is a common data format for RESTful APIs.

POST Request Example:

curl --data "title=New Todo&completed=false" https://jsonplaceholder.typicode.com/todos

Response:

{
  "title": "New Todo",
  "completed": false,
  "id": 201
}

Here, the POST method is used to create a new resource on the server. The server responds with a JSON object containing the newly created resource, including an automatically generated id.

HTTP Status Codes

HTTP status codes are three-digit numbers that the server sends back to the client to indicate how a request was handled. They help developers understand whether an action was successful or if an error occurred.

Category Status Code Range
Informational 1xx
Successful 2xx
Redirection 3xx
Client Error 4xx
Server Error 5xx

Common HTTP Status Codes:

Code Description
-----: :------------------------------------------------------------------------------------
200 OK – The request was successful, and the response contains the requested data.
201 Created – A new resource was successfully created on the server.
301 Moved Permanently – The resource has a new permanent URI.
302 Found – The resource is temporarily located at a different URI.
400 Bad Request – The request was malformed or missing required parameters.
401 Unauthorized – Authentication is required or has failed.
403 Forbidden – The server understands the request but refuses to authorize it.
404 Not Found – The requested resource could not be located on the server.
500 Internal Server Error – The server encountered an unexpected condition.

HTTPS (HTTP Secure)

HTTPS is a secure extension of HTTP that uses SSL/TLS encryption to protect data as it travels between client and server. By encrypting the information, HTTPS prevents unauthorized individuals from intercepting or altering data in transit. It also verifies that clients are communicating with the legitimate server, reinforcing trust and security.

Some of the key advantages of HTTPS include:

  1. Encryption – Ensures that sensitive data, like login credentials and payment information, remains confidential.
  2. Data Integrity – Detects whether data has been tampered with or corrupted during transit.
  3. Authentication – Proves the server’s identity, safeguarding against impostor or malicious sites pretending to be legitimate.

HTTPS Connection Process

  1. Client Hello – The client requests a secure connection and provides a list of supported encryption methods.
  2. Server Response – The server responds with its SSL certificate and chosen encryption method.
  3. Certificate Verification – The client verifies the authenticity of the server’s certificate.
  4. Key Exchange – Both parties agree upon encryption keys for the secure session.
  5. Secure Data Transfer – The client and server encrypt their communication using the agreed-upon keys.

FTP

File Transfer Protocol (FTP) is one of the oldest and most straightforward ways to transfer large quantities of data between a client and a server over a TCP network. It was traditionally used to distribute software packages, share files among teams, and host downloadable assets. While it remains a staple in many server environments, security considerations have led to more widespread use of encrypted alternatives like SFTP or FTPS.

Main features of FTP include:

Security-wise, plain FTP traffic is unencrypted and can be intercepted. Hence, more secure variants like FTPS (FTP over SSL/TLS) and SFTP (FTP over SSH) are recommended when data privacy is a concern.

FTP Workflow Diagram:

[Client]
   |
[Control Connection (Commands)]
   |
[FTP Server]
   |
[Data Connection (File Transfer)]

Common FTP Commands:

Command Description
LIST Lists files in the current directory
RETR Retrieves (downloads) a file from the server
STOR Uploads a file to the server
DELE Deletes a file on the server
MKD Creates a new directory on the server

WebSockets

WebSockets enable bi-directional (two-way) communication between a client and a server over a single, persistent TCP connection. Unlike traditional HTTP, where the client must always initiate requests, WebSockets let the server push updates to the client as soon as they happen.

Key benefits of using WebSockets include:

Use cases often involve:

The handshake process starts as a typical HTTP request with an Upgrade header to specify the switch to WebSockets. The server confirms with a 101 Switching Protocols response, and from that point forward, communication no longer uses the standard request-response cycle but instead a persistent, event-driven channel.

Simplified WebSocket Diagram:

[Client Browser] <---- Persistent Connection ----> [Server]
       |                                               |
    Send/Receive Messages in Real-Time

Sample WebSocket Code (JavaScript):

const socket = new WebSocket('wss://example.com/socket');

socket.onopen = () => {
  console.log('WebSocket connection established.');
  socket.send('Hello Server!');
};

socket.onmessage = (event) => {
  console.log('Received:', event.data);
};

socket.onclose = () => {
  console.log('WebSocket connection closed.');
};

TCP and UDP

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two main protocols used at the transport layer of the Internet protocol suite. They define how data should be packaged, transmitted, and received over IP networks, each focusing on different priorities.

TCP:

UDP:

Comparison Table:

Feature TCP UDP
Connection Connection-Oriented (Handshake) Connectionless
Reliability Guaranteed (Acknowledgements) Not Guaranteed (No ACK)
Ordering Strictly Ordered Packets No Ordering Enforcement
Overhead Higher Lower
Use Cases HTTP, Email, File Transfer Streaming, Gaming, VoIP

TCP Connection Process (Three-Way Handshake):

  1. SYN – The client sends a synchronization request to the server.
  2. SYN-ACK – The server acknowledges the request and sends back its own synchronization signal.
  3. ACK – The client confirms receipt of the server’s acknowledgment, establishing the connection fully.

TCP Diagram:

[Client] -- SYN -->      [Server]
[Client] <-- SYN-ACK --  [Server]
[Client] -- ACK -->      [Server]
Connection Established

UDP Communication Diagram:

[Client] -- Data Packet --> [Server]

(No handshake; data sent immediately)

Web Security Essentials

Web security is paramount in safeguarding websites and their users from malicious threats. It involves implementing measures to protect data integrity, confidentiality, and availability.

HTTPS

HTTPS, or Hypertext Transfer Protocol Secure, is the secure version of HTTP that uses SSL/TLS protocols to encrypt data exchanged between a browser and a web server. By securing the data transfer, HTTPS helps protect sensitive information from being intercepted by unauthorized parties.

The importance of HTTPS spans several key areas:

HTTPS relies on SSL/TLS protocols for secure communication:

Additionally, Certificate Authorities (CAs) play a crucial role in the HTTPS ecosystem. These trusted organizations issue digital certificates, which verify the ownership of the encryption keys used in HTTPS. By confirming a website’s identity, CAs help establish a secure and trustworthy connection between users and web servers.

Visual Representation of HTTPS Connection:

[Client Browser] <-- Encrypted Data --> [Web Server]

CORS

Cross-Origin Resource Sharing, or CORS, is a security feature that controls how web applications running in one origin (or domain) can interact with resources from another origin. This feature helps maintain security by allowing or restricting cross-origin access based on certain rules.

The same-origin policy is enforced by browsers to enhance security. By default, it restricts web pages from making HTTP requests to a different origin than their own. This prevents unauthorized access to data and protects users from various types of attacks, such as Cross-Site Scripting (XSS).

CORS works through specific HTTP headers, which dictate what is permitted in a cross-origin request:

CORS requests come in two types, depending on their complexity:

CORS Workflow Diagram:

[Browser] -- Preflight OPTIONS Request --> [Server]
                    |
         [Server sends CORS headers]
                    |
[Browser] -- Actual Request --> [Server]

Content Security Policy

Content Security Policy, or CSP, is a security standard designed to prevent a range of attacks, such as cross-site scripting (XSS) and clickjacking. By specifying trusted sources for web content, CSP helps to ensure that only authorized scripts, styles, and other resources are loaded on a website, enhancing security against code injection vulnerabilities.

There are two main ways to implement CSP on a website:

CSP includes a variety of directives that allow you to control specific types of content:

Example CSP Header:

Content-Security-Policy: default-src 'self'; img-src 'self' https://images.example.com; script-src 'self' 'unsafe-inline'

Benefits:

OWASP Security Risks

The Open Web Application Security Project, or OWASP, is a non-profit organization dedicated to improving web application security. One of its most well-known resources is the OWASP Top Ten list, which highlights critical security risks that developers should be aware of to protect their applications.

The latest OWASP Top Ten list identifies key security risks:

  1. Broken Access Control is a risk where users gain unauthorized access to resources, which can lead to data leaks and compromised functionality.
  2. Cryptographic Failures occur when sensitive data, such as passwords and personal information, isn’t adequately protected through encryption, leaving it vulnerable to attackers.
  3. Injection vulnerabilities arise when untrusted data is processed as executable code, potentially allowing attackers to manipulate the system, as seen in SQL or command injection attacks.
  4. Insecure Design highlights fundamental flaws in the application’s design that open up security risks, often due to inadequate planning for secure practices during development.
  5. Security Misconfiguration refers to improperly configured security settings, which can leave systems open to attacks if not correctly managed.
  6. Vulnerable and Outdated Components are issues that result from using outdated libraries or frameworks with known vulnerabilities, creating a weak link in the application’s security.
  7. Identification and Authentication Failures can lead to unauthorized access if authentication mechanisms are weak or improperly implemented.
  8. Software and Data Integrity Failures involve issues where code or data lacks integrity controls, making it easier for attackers to introduce malicious alterations.
  9. Security Logging and Monitoring Failures represent a lack of sufficient logging and monitoring, which can delay detection of attacks or hinder response efforts.
  10. Server-Side Request Forgery (SSRF) happens when attackers trick the server into sending requests to unintended destinations, potentially leading to unauthorized access to internal systems.

To address these risks, OWASP recommends several mitigation strategies:

OWASP provides various resources to help developers secure their applications effectively:

API Security

API security is all about protecting application programming interfaces (APIs) from malicious attacks and misuse. By ensuring that only authorized users and applications can access APIs, API security plays a crucial role in safeguarding data and maintaining the integrity of connected services.

Several key concepts form the foundation of API security:

Implementing API security effectively involves several best practices:

API Security Layers:

[Client]
   |
[Authentication Layer] -- Validates identity
   |
[Authorization Layer] -- Checks permissions
   |
[API Logic]

Authentication and Authorization

Authentication and authorization are essential security processes in controlling access to systems. While authentication verifies the identity of the user, authorization determines what resources the user is allowed to access, based on established permissions.

There are several common methods for authentication:

For authorization, different models control how access is granted:

The OAuth 2.0 framework further enhances authorization by defining roles within the access control process:

OAuth 2.0 Flow Diagram:

[Client] -- Authorization Request --> [Authorization Server]
                  |
    [User Authenticates and Authorizes]
                  |
[Client] <-- Access Token Issued -- [Authorization Server]
                  |
[Client] -- API Request with Token --> [Resource Server]

Data Encryption

Data encryption is the process of transforming readable data, known as plaintext, into an unreadable format called ciphertext. This transformation helps prevent unauthorized access, ensuring that only those with the correct decryption key can revert the data back to its original form.

There are two primary types of encryption:

Some of the most common encryption algorithms include:

In addition to encryption, hash functions play a crucial role in data security:

Encryption Workflow:

[Plaintext] -- Encryption Algorithm + Key --> [Ciphertext]
[Ciphertext] -- Decryption Algorithm + Key --> [Plaintext]

Applications:

Secure Development Practices

Secure development practices are all about embedding security measures throughout the software development lifecycle (SDLC). By addressing potential vulnerabilities from the outset, these practices help ensure that applications are both functional and secure.

Several key practices are integral to secure development:

Each phase of the SDLC has a role in maintaining security:

  1. In requirements gathering, teams define security requirements alongside functional ones, ensuring that security is a primary consideration from the start.
  2. The design phase incorporates security architecture and threat models, building a secure foundation for the application.
  3. During implementation, developers follow secure coding practices to create robust code that resists common vulnerabilities.
  4. The testing phase includes security tests in addition to traditional functional testing, allowing teams to validate the security of the application before it goes live.
  5. Deployment involves setting up secure configurations and ensuring the environment is secure. This step is essential for protecting the application as it enters production.
  6. In maintenance, teams monitor the application, apply patches, and make ongoing improvements to address new threats as they arise.

Security Monitoring and Incident Response

Security monitoring and incident response are two crucial aspects of maintaining a secure environment. Security monitoring focuses on the continuous observation of systems to detect potential threats early, while incident response is a structured approach to managing and resolving security incidents when they occur.

Various tools play a role in effective security monitoring:

The incident response process is typically organized into several phases:

  1. Preparation is the first phase, where organizations develop policies, procedures, and communication plans for handling incidents. This proactive planning helps ensure that teams are ready to respond effectively when an incident occurs.
  2. In the identification phase, the team works to detect and determine the scope of the incident, assessing the potential impact and identifying affected systems.
  3. Containment aims to limit the spread of the incident and minimize its impact. This step often involves isolating compromised systems and blocking unauthorized access.
  4. The eradication phase involves eliminating the root cause of the incident and removing any affected components from the environment to prevent recurrence.
  5. During recovery, teams restore systems and services to their normal operation, ensuring they are secure and fully functional before resuming regular activities.
  6. Finally, lessons learned provides an opportunity to analyze the incident and identify improvements for future response efforts. This reflection helps organizations strengthen their defenses and response capabilities.

An effective incident response team comprises various roles to ensure a comprehensive approach:

Vulnerability Management

Vulnerability management is a proactive process aimed at identifying, assessing, addressing, and reporting security vulnerabilities across an organization’s systems. This ongoing practice is essential for maintaining a strong security posture by reducing potential attack surfaces before they can be exploited.

The vulnerability management process includes several key steps:

  1. Asset inventory is the starting point, where you create a comprehensive list of all hardware and software assets within the organization. This inventory forms the foundation for understanding what needs to be protected.
  2. Vulnerability identification follows, using tools and scanners to uncover potential vulnerabilities. This step involves scanning systems, networks, and applications to identify areas of weakness.
  3. In risk assessment, identified vulnerabilities are prioritized based on factors like severity and potential impact. By assessing the risk level, you can focus on addressing the most critical issues first.
  4. Remediation planning involves developing strategies to address each vulnerability, which may include applying patches, updating configurations, or implementing new security measures.
  5. During mitigation and patching, you apply fixes or workarounds to resolve the vulnerabilities. This step is essential for reducing the risk of exploitation by actively addressing identified issues.
  6. Verification is the next step, where teams confirm that vulnerabilities have been successfully resolved. This may involve rescanning systems or running tests to ensure fixes are effective.
  7. Finally, reporting documents all actions taken and communicates the results to stakeholders. Clear reporting provides transparency and helps demonstrate progress in securing the organization’s assets.

There are various tools available to support vulnerability management efforts:

However, vulnerability management comes with its own set of challenges:

Adhering to legal and regulatory standards is essential for organizations to protect user data and avoid legal repercussions. These standards help ensure that personal and sensitive information is handled responsibly and ethically.

Several key regulations and standards set the framework for data protection:

To ensure compliance with these regulations, organizations engage in a variety of activities:

Non-compliance with these standards can lead to significant penalties:

Generate a CSR on Your Server

Generating a Certificate Signing Request (CSR) is an essential step in obtaining an SSL/TLS certificate, which enables HTTPS on your server and secures data transmission. The following steps guide you through generating a CSR using OpenSSL.

I. Start by generating a private key. This key is critical for your server’s security, and you’ll need it for the CSR. Use the following command:

openssl genrsa -out your_domain.com.key 2048

Here, 2048 specifies the key length in bits. A higher number generally indicates stronger encryption, though 2048 bits is standard for most cases.

II. Next, generate the CSR itself by running:

openssl req -new -key your_domain.com.key -out your_domain.com.csr

III. As part of this process, you’ll need to enter information about your organization. This information will be associated with your certificate and includes:

Field Description
Country Name (C) A two-letter country code, like US.
State or Province Name (ST) The full name of your state or province.
Locality Name (L) The name of your city.
Organization Name (O) Your organization’s legal name.
Organizational Unit Name (OU) The department within your organization, if applicable.
Common Name (CN) The Fully Qualified Domain Name (FQDN) for which you’re requesting the certificate, e.g., www.your_domain.com.
Email Address A contact email, typically for administrative purposes.

IV. After you have the .csr file, you’ll submit it to a Certificate Authority (CA). Choose a CA like Let’s Encrypt, DigiCert, or Comodo, and provide them with the CSR. The CA will verify your information and issue the SSL/TLS certificate.

V. Once you receive your certificate from the CA, you’ll need to install it on your server. This installation will include both the certificate itself and the private key you generated in the first step. Some CAs may also provide intermediate certificates, which you’ll need to install to establish a full chain of trust.

A few important considerations when generating and handling CSRs include:

Here’s a simplified diagram of the CSR generation process:

[Server]
   |
[Generate Private Key] --> (.key file)
   |
[Generate CSR] --> (.csr file)
   |
[Submit CSR to CA]
   |
[Receive SSL Certificate] --> (.crt file)
   |
[Install Certificate on Server]

If you prefer an automated solution for SSL/TLS certificates, Let’s Encrypt offers free certificates through a tool called Certbot. With Certbot, you can automate both the installation and renewal processes:

To install a certificate for an Apache server, for example, use:

sudo certbot --apache -d your_domain.com -d www.your_domain.com

Let’s Encrypt certificates are valid for 90 days, so it’s recommended to set up automated renewal to ensure your certificates remain current without manual intervention.

What happens when you enter a URL in the browser?

When you type a URL into your browser, a lot of things happen behind the scenes to fetch and show the webpage you're looking for. Here's a breakdown of that process:

I. Entering the URL

II. DNS Resolution

III. Setting Up a TCP Connection

IV. Sending HTTP Requests

V. Receiving HTTP Responses

VI. Rendering the Webpage

Table of Contents

    Protocols
    1. Foundational Concepts
      1. Internet
      2. Browsers
      3. DNS (Domain Name System)
      4. Domain Name
    2. Protocols in Action
      1. HTTP (HyperText Transfer Protocol)
      2. HTTP Request-Response Cycle Diagram
    3. Detailed Examples of HTTP Methods
      1. GET Method
      2. POST Method
    4. HTTP APIs and Standards
      1. REST (Representational State Transfer)
    5. HTTP Status Codes
    6. HTTPS (HTTP Secure)
      1. HTTPS Connection Process
      2. FTP
      3. WebSockets
      4. TCP and UDP
    7. Web Security Essentials
      1. HTTPS
      2. CORS
      3. Content Security Policy
      4. OWASP Security Risks
      5. API Security
      6. Authentication and Authorization
      7. Data Encryption
      8. Secure Development Practices
      9. Security Monitoring and Incident Response
      10. Vulnerability Management
      11. Legal and Regulatory Compliance
      12. Generate a CSR on Your Server
    8. What happens when you enter a URL in the browser?