Assinment2 Week3

Uploaded by

sharonwairimu600

Course: Cloud and Network Security

Student Name: Dickens Omolo

Student No.: cs-cns07-24101

Sunday, 6th October, 2024

Week 3 Assignment 2: HTB Academy - Web Requests


Table of Contents

Introduction
Body
    Hypertext Transfer Protocol (HTTP)
    Hypertext Transfer Protocol Secure (HTTPS)
    HTTP requests and responses and their headers
    HTTP methods and response codes
    Common HTTP methods such as GET, POST, PUT, and DELETE
    Interacting with APIs
Conclusion

Introduction

In the rapidly evolving field of information security, mastering the fundamentals is essential for success, particularly in the realm of
web application penetration testing. This report provides an overview of a module designed to equip learners with the foundational
knowledge required to understand web requests and their role in web application functionality. Before any effective attacks or security
measures can be implemented, a solid grasp of how web applications operate is imperative.

This module introduces key concepts through practical engagement with two indispensable tools: cURL and Browser DevTools.
These tools are vital for any aspiring web penetration tester, allowing for efficient manipulation and analysis of web requests.

The module also delves into critical topics, including an overview of the Hypertext Transfer Protocol (HTTP) and its secure variant,
Hypertext Transfer Protocol Secure (HTTPS). It explores the intricacies of HTTP requests and responses, their headers, and
commonly used HTTP methods such as GET, POST, PUT, and DELETE. Additionally, the module addresses interaction with APIs,
further broadening the learner's skill set in web application security. Through this exploration, the report aims to provide a
comprehensive understanding of the foundational concepts necessary for effective penetration testing and securing web applications.

Hypertext Transfer Protocol (HTTP)

HTTP is an application-level protocol used to access World Wide Web resources. The term hypertext stands for text containing links to other
resources and text that the readers can easily interpret.

HTTP communication consists of a client and a server, where the client requests a resource from the server. The server processes the request and
returns the requested resource. The default port for HTTP communication is port 80, though this can be changed to any other port, depending
on the web server configuration. The same requests are utilized when we use the internet to visit different websites. We enter a Fully Qualified
Domain Name (FQDN) as a Uniform Resource Locator (URL) to reach the desired website, like www.hackthebox.com.

A Uniform Resource Locator (URL) has the following components:

| Component | Example | Description |
|---|---|---|
| Scheme | http:// https:// | This is used to identify the protocol being accessed by the client, and ends with a colon and a double slash (://) |
| User Info | admin:password@ | This is an optional component that contains the credentials (separated by a colon :) used to authenticate to the host, and is separated from the host with an at sign (@) |
| Host | inlanefreight.com | The host signifies the resource location. This can be a hostname or an IP address |
| Port | :80 | The Port is separated from the Host by a colon (:). If no port is specified, http schemes default to port 80 and https default to port 443 |
| Path | /dashboard.php | This points to the resource being accessed, which can be a file or a folder. If there is no path specified, the server returns the default index (e.g. index.html). |
| Query String | ?login=true | The query string starts with a question mark (?), and consists of a parameter (e.g. login) and a value (e.g. true). Multiple parameters can be separated by an ampersand (&). |
| Fragments | #status | Fragments are processed by the browsers on the client-side to locate sections within the primary resource (e.g. a header or section on the page). |
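
The component table above, worked through in Python as an added example (not part of the original report or the HTB module): it splits a URL into the listed components, applies the default ports, shows which parts form the request target, and flags what a reviewer would check. The names `dissect`, `redact`, `DEFAULT_PORTS` and `SAMPLE` are hypothetical, and the sample URL is constructed from the table's own example values.

```python
from urllib.parse import urlsplit, parse_qsl

# Defaults from the Port row of the table
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample assembled from the table's own example values
SAMPLE = "http://admin:password@inlanefreight.com:80/dashboard.php?login=true#status"


def dissect(url):
    """Split a URL into the table's components and list review findings."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    parts = {
        "scheme": scheme,
        "user_info": None if u.username is None else (u.username, u.password),
        "host": u.hostname,
        "port": u.port or DEFAULT_PORTS.get(scheme),
        "path": u.path or "/",  # an empty path is requested as "/"
        "query": parse_qsl(u.query, keep_blank_values=True),
        "fragment": u.fragment or None,
    }
    # The request line carries only path and query; the fragment stays in
    # the browser and user info is not part of the request target.
    parts["request_target"] = parts["path"] + ("?" + u.query if u.query else "")
    findings = []
    if parts["user_info"]:
        findings.append("credentials embedded in URL")
    if scheme == "http":
        findings.append("cleartext scheme")
    if parts["port"] != DEFAULT_PORTS.get(scheme):
        findings.append("non-default port")
    parts["findings"] = findings
    return parts


def redact(url):
    """Drop the user-info component so the URL is safe to log or share."""
    u = urlsplit(url)
    return u._replace(netloc=u.netloc.rsplit("@", 1)[-1]).geturl()


if __name__ == "__main__":
    for key, value in dissect(SAMPLE).items():
        print(f"{key:15} {value}")
    print("redacted:", redact(SAMPLE))
```

Running `redact` on a URL before it is written to a ticket, log line or report keeps the User Info component out of stored text.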
