Introduction to Web Applications

Introduction to Web Applications  Fundamental

In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an information security perspective.

Created by 21y4d
Co-Authors: mrb3n

To start this course Sign Up!


This module is your first step in starting web application pentesting. It teaches important aspects of web applications, which will help you understand how web application pentesting works.

This module will cover the following topics:

Intro to Web Applications

  • Intro to Web Applications
  • Web Application Architectures
  • Front-end vs. Back-end

Front-end Components

  • HTML
  • CSS
  • JavaScript

Front-end vulnerabilities

  • Data Exposure
  • HTML Injection

Back-end Components

  • Back-end Servers
  • Web Servers
  • Databases
  • Development Frameworks & APIs

Back-end vulnerabilities

  • Public Vulnerabilities
  • Common Web Vulnerabilities

The following are also some of the covered topics:

  • What is a web application?
  • What are the common web application architectures?
  • What are the most common web servers, and what are the advantages of each?
  • What types of databases are there, and where is each one used?
  • Common Web Application Development Frameworks
  • What are APIs, and how are they used?
  • Public Web Application vulnerabilities
  • Intro to OWASP Top 10 for Web Applications

As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections or your own virtual machine.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

The module is classified as "Fundamental" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.

A firm grasp of the following modules can be considered prerequisites for successful completion of this module:

  • Web Requests


  • Introduction
  • Web Application Layout
  • Front End vs. Back End
  • HTML
  • Cascading Style Sheets (CSS)
  • JavaScript
  • Sensitive Data Exposure
  • HTML Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Back End Servers
  • Web Servers
  • Databases
  • Development Frameworks & APIs
  • Common Web Vulnerabilities
  • Public Vulnerabilities
  • Next Steps
To start this course Sign Up!