
Web Requests Fundamental
This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.
Created by 21y4d
Summary
This module introduces key fundamentals that must be mastered to be successful in information security. Understanding web requests is essential for understanding how web applications work, which is necessary before attempting to attack or secure any web application. This makes this module the very first step in web application penetration testing.
This module will deliver these concepts through two main tools: cURL
and the Browser DevTools
. These tools are among the essential tools in any web penetration tester's arsenal, and this module will start you on the path to mastering them.
In addition to the above, this module will cover:
- An overview of the HyperText Transfer Protocol (HTTP)
- An overview of the Hypertext Transfer Protocol Secure (HTTPS)
- HTTP requests and responses and their headers
- HTTP methods and response codes
- Common HTTP methods such as GET, POST, PUT, and DELETE
- Interacting with APIs
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts presented in each section. You can do this in the PwnBox
provided in the interactive sections or in your virtual machine.
The module is classified as "Fundamental
" and assumes a working knowledge of the Linux command line and an understanding of information security fundamentals. Though not mandatory, we recommend taking these modules before/along with this module:
- Introduction to Networking
- Linux Fundamentals
Sections
- HyperText Transfer Protocol (HTTP)
- Hypertext Transfer Protocol Secure (HTTPS)
- HTTP Requests and Responses
- HTTP Headers
- HTTP Methods and Codes
- GET
- POST
- CRUD API
Relevant Paths
This module progresses you towards the following Paths

Medium 257 Sections
Cubes Required: 1410
The Bug Bounty Hunter Job Role Path is for individuals who want to enter the world of Bug Bounty Hunting with little to no prior experience. This path covers core web application security assessment and bug bounty hunting concepts and provides a deep understanding of the attack tactics used during bug bounty hunting. Armed with the necessary theoretical background, multiple practical exercises, and a proven bug bounty hunting methodology, students will go through all bug bounty hunting stages, from reconnaissance and bug identification to exploitation, documentation, and communication to vendors/programs. Upon completing this job role path, you will have become proficient in the most common bug bounty hunting and attack techniques against web applications and be in the position of professionally reporting bugs to a vendor.

Easy 42 Sections
Cubes Required: 30
To be successful in any technical information security role, we must have a broad understanding of specialized tools, tactics, and terminology. This path introduces core concepts necessary for anyone interested in a hands-on technical infosec role. The modules also provide the essential prerequisite knowledge for joining the main Hack The Box platform, progressing through Starting Point through easy-rated retired machines, and solving "live" machines with no walkthrough. It also includes helpful information about staying organized, navigating the HTB platforms, common pitfalls, and selecting a penetration testing distribution. Students will complete their first box during this path with a guided walkthrough and be challenged to complete a box on their own by applying the knowledge learned in the Getting Started module.

Easy 147 Sections
Cubes Required: 150
Information Security is a field with many specialized and highly technical disciplines. Job roles like Penetration Tester & Information Security Analyst require a solid technical foundational understanding of core IT & Information Security topics. This skill path is made up of modules that will assist learners in developing &/or strengthening a foundational understanding before proceeding with learning the more complex security topics. Every long-standing building first needs a solid foundation. Welcome to Information Security Foundations.