Web Requests Fundamental
Web applications provide a large potential attack surface and need to be secured properly. A firm grasp of the basics of how applications communicate is critical for anyone interested in learning how to assess and attack web applications.
Created by MinatoTW
This module introduces key fundamentals that must be mastered in order to be successful in information security. An understanding of how web applications work is necessary before attempting to attack or secure them.
In this module, we will cover:
- An overview of the HyperText Transfer Protocol (HTTP)
- An overview of the Hypertext Transfer Protocol Secure (HTTPS)
- HTTP requests and responses
- HTTP methods and response codes
- Common HTTP methods such as GET, POST, PUT, and DELETE
cURLto interact with web applications
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Fundamental" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered prerequisites for successful completion of this module:
- Introduction to Networking
- Linux Fundamentals
- HyperText Transfer Protocol (HTTP)
- Hypertext Transfer Protocol Secure (HTTPS)
- Request and Response
- HTTP Methods and Codes
- GET Method
- POST Method
- PUT and DELETE Methods
This module progresses you towards the following Paths
Easy 43 Sections
Cubes Required: 30
To be successful in any technical information security role, we must have a broad understanding of specialized tools, tactics, and terminology. This path introduces core concepts necessary for anyone interested in a hands-on technical infosec role. The modules also provide the essential prerequisite knowledge for joining the main Hack The Box platform, progressing through Starting Point through easy-rated retired machines, and solving "live" machines with no walkthrough. It also includes helpful information about staying organized, navigating the HTB platforms, common pitfalls, and selecting a penetration testing distribution. Students will complete their first box during this path with a guided walkthrough and be challenged to complete a box on their own by applying the knowledge learned in the Getting Started module.
Fundamental 9 Sections
Easy 11 Sections
Fundamental 23 Sections
This module covers the fundamentals of penetration testing and an introduction to Hack The Box.