Web Hacking Fundamentals

The First Half of Web Fundamentals

I am going to place the rooms "How websites work", "HTTP in Detail", "Burpsuite Basics", and "OWASP Top 10" here as they are too fast or short to be worth their own page.

How Websites Work and HTTP in Detail

These two are the most straightforward of all the Web Hacking rooms. They go over the basics of how changes in HTTP code affect what you see on a computer screen and how some scripting in JavaScript makes pages dynamic. It's important to go over these sections, as knowing what code you're injecting before you push the enter button is important. These rooms cover the bare minimum though; even after completing them I was still pretty lost when it comes to reading and creating malicious HTTP and JavaScript code. Definitely read up more on web hacking past this room if you really want to understand how it works.

Burp Suite Basics

Burp Suite is a sweet tool to have for any web exploitation or even troubleshooting. This room breaks down how it works, what each section does, and how you will use it in future rooms. I think this room is the best out of the web hacking rooms and should be considered a go-to for anyone looking to start web hacking and protection.

OWASP Top 10

This room looks intimidating at first, but the questions it asks can all be answered with quick Google searches, if not from the section they're under anyway. This room is more time-consuming than any other room I've come across yet; the sections are easy to complete, just lengthy to read and digest. It contains a simple explanation for each of the top 10 web vulnerabilities, how dangerous each vulnerability is, and how we usually remediate it. Some are obvious, like "Don't use components with known vulnerabilities in your web site", but some are very complex and even OWASP mentions they are rarely used.