Web Requests

Web Requests

easy
1 month
Cybersecurity

Module Summary

This module introduces key fundamentals that must be mastered to be successful in information security. Understanding web requests is essential for understanding how web applications work, which is necessary before attempting to attack or secure any web application. This makes this module the very first step in web application penetration testing.

This module will deliver these concepts through two main tools: cURL and the Browser DevTools. These tools are among the essential tools in any web penetration tester's arsenal, and this module will start you on the path to mastering them.

In addition to the above, this module will cover:

  • An overview of the HyperText Transfer Protocol (HTTP)
  • An overview of the Hypertext Transfer Protocol Secure (HTTPS)
  • HTTP requests and responses and their headers
  • HTTP methods and response codes
  • Common HTTP methods such as GET, POST, PUT, and DELETE
  • Interacting with APIs

CREST CPSA/CRT-related Sections:

  • All sections

CREST CCT APP-related Sections:

  • All sections

CREST CCT INF-related Sections:

  • All sections

This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts presented in each section. You can do this in the PwnBox provided in the interactive sections or in your virtual machine.

The module is classified as "Fundamental" and assumes a working knowledge of the Linux command line and an understanding of information security fundamentals. Though not mandatory, we recommend taking these modules before/along with this module:

  • Introduction to Networking

Sections