
Introduction to Web Applications Fundamental
In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an information security perspective.
Created by 21y4d
Co-Authors: mrb3n
Summary
This module is your first step in starting web application pentesting. It teaches important aspects of web applications, which will help you understand how web application pentesting works.
This module will cover the following topics:
Intro to Web Applications
- Intro to Web Applications
- Web Application Architectures
- Front-end vs. Back-end
Front-end Components
- HTML
- CSS
- JavaScript
Front-end vulnerabilities
- Data Exposure
- HTML Injection
- XSS/CSRF
Back-end Components
- Back-end Servers
- Web Servers
- Databases
- Development Frameworks & APIs
Back-end vulnerabilities
- Public Vulnerabilities
- Common Web Vulnerabilities
The following are also some of the covered topics:
- What is a web application?
- What are the common web application architectures?
- What are the most common web servers, and what are the advantages of each?
- What types of databases are there, and where is each one used?
- Common Web Application Development Frameworks
- What are APIs, and how are they used?
- Public Web Application vulnerabilities
- Intro to OWASP Top 10 for Web Applications
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to further reinforce the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections or in your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Fundamental" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered a prerequisite for successful completion of this module:
- Web Requests
Sections
- Introduction
- Web Application Layout
- Front End vs. Back End
- HTML
- Cascading Style Sheets (CSS)
- JavaScript
- Sensitive Data Exposure
- HTML Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Back End Servers
- Web Servers
- Databases
- Development Frameworks & APIs
- Common Web Vulnerabilities
- Public Vulnerabilities
- Next Steps
Relevant Paths
This module progresses you towards the following Paths:

Medium 257 Sections
Cubes Required: 1410
The Bug Bounty Hunter Job Role Path is for individuals who want to enter the world of Bug Bounty Hunting with little to no prior experience. This path covers core web application security assessment and bug bounty hunting concepts and provides a deep understanding of the attack tactics used during bug bounty hunting. Armed with the necessary theoretical background, multiple practical exercises, and a proven bug bounty hunting methodology, students will go through all bug bounty hunting stages, from reconnaissance and bug identification to exploitation, documentation, and communication to vendors/programs. Upon completing this job role path, you will have become proficient in the most common bug bounty hunting and attack techniques against web applications and be in the position of professionally reporting bugs to a vendor.