Hello Folks,
In this blog, we will cover the concepts as well as the answers for the “Web Application Basics” room, which is a part of the “Cyber Security 101” learning path. It covers web application fundamentals, including key topics such as URLs, HTTP request/response headers, methods and status codes. After completing this blog, you will be familiar with how web applications work.
You can access the room by clicking here.
Task 1 Introduction
This task will let you know the learning objectives for understanding the basics of web application architecture.
I am ready to learn about Web Applications!
No answer needed
Task 2 Web Application Overview
In this task, a web app is compared to a planet: the Front End is the surface visible to everyone, built with languages like HTML, CSS and JavaScript, while the Back End is the planet’s hidden interior, including the infrastructure, the database and security systems like Web Application Firewalls (WAF).
Q 2.1- Which component on a computer is responsible for hosting and delivering content for web applications?
A 2.1- Web Server
Q 2.2- Which tool is used to access and interact with web applications?
A 2.2- Web Browser
Q 2.3- Which component acts as a protective layer, filtering incoming traffic to block malicious attacks, and ensuring the security of the web application?
A 2.3- Web Application Firewall
Task 3 Uniform Resource Locator
This task focuses on one of the important components through which a user accesses a web application: a URL, sometimes called a web address. It has various components: Scheme (HTTP/HTTPS), User (login details), Host/Domain (identifies the website), Path (resource location or web page), Query String (input such as search terms) and Fragment (for jumping to a specific section of a web page).
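To see those components on a real-looking address, here is an added example (our own code, not part of the room) that splits a URL into the parts named above and, for the typosquatting point, flags hostnames that sit a character or two away from a known site; the sample URL and the known-host list are constructed.

```python
# Added example (not the room's own code): split a URL into the components from
# Task 3 and flag hosts that sit a typo away from a known site. The sample URL
# and the list of known hosts are constructed.
from urllib.parse import parse_qs, urlsplit

SAMPLE_URL = "https://alice:pa55@shop.example.com:8443/catalog/search?q=laptop&page=2#results"
KNOWN_HOSTS = ["shop.example.com", "tryhackme.com"]


def parse_url(url):
    """Map a URL onto the component names used in the room."""
    p = urlsplit(url)
    return {
        "scheme": p.scheme,        # http or https
        "user": p.username,        # login details, if present
        "password": p.password,
        "host": p.hostname,        # identifies the website
        "port": p.port,
        "path": p.path,            # location of the resource
        "query": {k: v[0] for k, v in parse_qs(p.query).items()},  # search/form input
        "fragment": p.fragment,    # section within the page; the browser keeps it local
    }


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(host, known_hosts=KNOWN_HOSTS, max_distance=2):
    """Known hosts within max_distance edits of host, excluding exact matches."""
    return [k for k in known_hosts if 0 < edit_distance(host, k) <= max_distance]


if __name__ == "__main__":
    for name, value in parse_url(SAMPLE_URL).items():
        print("%-9s %s" % (name, value))
    print(typosquat_candidates("shop.examp1e.com"))  # ['shop.example.com']
```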
Q 3.1- Which protocol provides encrypted communication to ensure secure data transmission between a web browser and a web server?
A 3.1- HTTPS
Q 3.2- What term describes the practice of registering domain names that are misspelt variations of popular websites to exploit user errors and potentially engage in fraudulent activities?
A 3.2- Typosquatting
Q 3.3- What part of a URL is used to pass additional information, such as search terms or form inputs, to the web server?
A 3.3- Query String
Task 4 HTTP Messages
This section dives deep into HTTP messages, which are exchanged between a client browser and a web server: requests coming from the user and responses coming from the server. These messages contain a start line, headers, an empty line and a body. Understanding these components is crucial for web application communication.
Q 4.1- Which HTTP message is returned by the web server after processing a client’s request?
A 4.1- HTTP Response
Q 4.2- What follows the headers in an HTTP message?
A 4.2- Empty Line
Task 5 HTTP Request: Request Line and Methods
This section will help us understand an HTTP request, which is sent by a user to a web server and includes a request line (method, path, version), various HTTP methods (GET, POST, etc.), and a URL path that directs the server to the desired resource. Each method has unique security implications, and newer HTTP versions (like HTTP/2 and HTTP/3) enhance speed and security, though many systems still use HTTP/1.1.
Q 5.1- Which HTTP protocol version became widely adopted and remains the most commonly used version for web communication, known for introducing features like persistent connections and chunked transfer encoding?
A 5.1- HTTP/1.1
Q 5.2- Which HTTP request method describes the communication options for the target resource, allowing clients to determine which HTTP methods are supported by the web server?
A 5.2- OPTIONS
Q 5.3- In an HTTP request, which component specifies the specific resource or endpoint on the web server that the client is requesting, typically appearing after the domain name in the URL?
A 5.3- URL Path
Task 6 HTTP Request: Headers and Body
This task will provide an introduction to common HTTP request headers and body. Request headers provide additional details to the server, such as the host, user-agent, and content type. The request body, present in POST/PUT requests, contains data in formats like URL-encoded, form data, JSON, or XML—each suited for different data structures and types.
Q 6.1- Which HTTP request header specifies the domain name of the web server to which the request is being sent?
A 6.1- Host
Q 6.2- What is the default content type for form submissions in an HTTP request where the data is encoded as key=value pairs in a query string format?
A 6.2- application/x-www-form-urlencoded
Q 6.3- Which part of an HTTP request contains additional information like host, user agent, and content type, guiding how the web server should process the request?
A 6.3- Request Headers
Task 7 HTTP Response: Status Line and Status Codes
This section covers the concepts of HTTP Responses which include a status code and reason phrase to indicate the outcome of a request. These codes fall into categories like informational (100-199), successful (200-299), redirection (300-399), client errors (400-499), and server errors (500-599). Common examples are 200 (OK), 404 (Not Found), and 500 (Internal Server Error).
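Tasks 4 to 7 describe the same message layout from both sides, so here is one added example (our own code, not the room’s) that parses a raw HTTP/1.1 message into start line, headers, empty line and body, then reads either the request line and a form body or the status line and its class; the two sample messages are constructed.

```python
# Added example (not the room's own code): parse a raw HTTP/1.1 message into
# the four parts from Task 4 (start line, headers, empty line, body), then read
# the request line (Task 5), a form body (Task 6) or the status line and its
# class (Task 7). Both sample messages are constructed.
from urllib.parse import parse_qs

SAMPLE_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 28\r\n"
    "\r\n"
    "username=bob&password=s3cret"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: ExampleHTTPd/1.2\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1>"
)
STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}


def parse_http_message(raw):
    """Return a dict describing either a request or a response."""
    head, _, body = raw.partition("\r\n\r\n")       # the empty line ends the headers
    start_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    msg = {"headers": headers, "body": body}
    parts = start_line.split(" ", 2)
    first, second, rest = parts[0], parts[1], parts[2] if len(parts) > 2 else ""
    if first.startswith("HTTP/"):                   # status line: version code reason
        code = int(second)
        msg.update(kind="response", version=first, status=code, reason=rest,
                   status_class=STATUS_CLASSES.get(code // 100, "Unknown"))
    else:                                           # request line: method path version
        msg.update(kind="request", method=first, path=second, version=rest)
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body.encode()):
        msg["warning"] = "Content-Length %s != body length %d" % (declared, len(body.encode()))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        msg["form"] = {k: v[0] for k, v in parse_qs(body).items()}   # key=value pairs
    return msg
```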
Q 7.1- What part of an HTTP response provides the HTTP version, status code, and a brief explanation of the response’s outcome?
A 7.1- Status Line
Q 7.2- Which category of HTTP response codes indicates that the web server encountered an internal issue or is unable to fulfil the client’s request?
A 7.2- Server Error Responses
Q 7.3- Which HTTP status code indicates that the requested resource could not be found on the web server?
A 7.3- 404
Task 8 HTTP Response: Headers and Body
HTTP response headers are key-value pairs that provide important details to the client, such as content type, server info, and caching instructions. Essential headers include Date, Content-Type, and Server, while others like Set-Cookie, Cache-Control, and Location offer additional functionality, like managing cookies and caching.
Q 8.1- Which HTTP response header can reveal information about the web server’s software and version, potentially exposing it to security risks if not removed?
A 8.1- Server
Q 8.2- Which flag should be added to cookies in the Set-Cookie HTTP response header to ensure they are only transmitted over HTTPS, protecting them from being exposed during unencrypted transmissions?
A 8.2- Secure
Q 8.3- Which flag should be added to cookies in the Set-Cookie HTTP response header to prevent them from being accessed via JavaScript, thereby enhancing security against XSS attacks?
A 8.3- HttpOnly
Task 9 Security Headers
HTTP Security Headers enhance web application security by mitigating risks like Cross-Site Scripting (XSS) and clickjacking. Key headers include Content-Security-Policy (CSP), which defines safe content sources; Strict-Transport-Security (HSTS), which enforces HTTPS connections; X-Content-Type-Options, which prevents MIME type sniffing; and Referrer-Policy, which controls referrer information shared during redirection. These headers work together to strengthen web security.
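As an added example (our own code, not the room’s), the check below audits a response’s headers for the points raised in Tasks 8 and 9: the Server header, the Secure and HttpOnly cookie flags, script-src in CSP, includeSubDomains in HSTS, nosniff and Referrer-Policy; the weak and hardened header sets are constructed.

```python
# Added example (not the room's own code): audit a set of HTTP response headers
# for the cookie flags from Task 8 and the security headers from Task 9. Headers
# are given as (name, value) pairs because Set-Cookie may repeat; both sample
# header sets are constructed.

def audit_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    findings = []
    if "server" in by_name:                                      # Q 8.1
        findings.append("Server header reveals software: " + by_name["server"][0])
    for cookie in by_name.get("set-cookie", []):                 # Q 8.2 and Q 8.3
        cname = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append("cookie %s lacks Secure" % cname)
        if "httponly" not in attrs:
            findings.append("cookie %s lacks HttpOnly" % cname)
    csp = by_name.get("content-security-policy", [""])[0]         # Q 9.1
    if "script-src" not in csp and "default-src" not in csp:     # default-src is the fallback
        findings.append("CSP missing or does not restrict script sources")
    hsts = by_name.get("strict-transport-security", [""])[0]      # Q 9.2
    if "max-age" not in hsts:
        findings.append("Strict-Transport-Security missing")
    elif "includesubdomains" not in hsts.lower():
        findings.append("Strict-Transport-Security lacks includeSubDomains")
    xcto = by_name.get("x-content-type-options", [""])[0]         # Q 9.3
    if xcto.lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if "referrer-policy" not in by_name:
        findings.append("Referrer-Policy missing")
    return findings


# Constructed header sets: a weak default and a hardened one.
WEAK = [("Server", "ExampleHTTPd/1.2"), ("Content-Type", "text/html"),
        ("Set-Cookie", "session=abc123; Path=/")]
HARDENED = [("Content-Type", "text/html"),
            ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
            ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("X-Content-Type-Options", "nosniff"),
            ("Referrer-Policy", "strict-origin-when-cross-origin")]
```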
Q 9.1- In a Content Security Policy (CSP) configuration, which property can be set to define where scripts can be loaded from?
A 9.1- script-src
Q 9.2- When configuring the Strict-Transport-Security (HSTS) header to ensure that all subdomains of a site also use HTTPS, which directive should be included to apply the security policy to both the main domain and its subdomains?
A 9.2- includeSubDomains
Q 9.3- Which HTTP header directive is used to prevent browsers from interpreting files as a different MIME type than what is specified by the server, thereby mitigating content type sniffing attacks?
A 9.3- nosniff
Task 10 Practical Task: Making HTTP Requests
In this section, a practical task is given to practice the things we have learnt in this room.
Q 10.1- Make a GET request to /api/users. What is the flag?
A 10.1- THM{YOU_HAVE_JUST_FOUND_THE_USER_LIST}
Q 10.2- Make a POST request to /api/user/2 and update the country of Bob from UK to US. What is the flag?
A 10.2- THM{YOU_HAVE_MODIFIED_THE_USER_DATA}
Q 10.3- Make a DELETE request to /api/user/1 to delete the user. What is the flag?
A 10.3- THM{YOU_HAVE_JUST_DELETED_A_USER}
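If you want to rehearse the three requests offline, here is an added example (our own code, not the room’s) that runs a constructed user API in-process with Python’s http.server and performs the GET, POST and DELETE from Task 10 against it with http.client; the paths and Bob’s UK to US change are from the room, while the server’s data and replies are assumed, so it returns no flags.

```python
# Added example (not the room's own code): a constructed in-process user API
# served with http.server, and a client that makes the three Task 10 requests
# (GET, POST, DELETE) with http.client. Paths are from the room; data and replies are assumed.
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

USERS = {"1": {"name": "Alice", "country": "US"}, "2": {"name": "Bob", "country": "UK"}}

class UserAPI(BaseHTTPRequestHandler):
    def _send(self, code, payload):
        body = json.dumps(payload).encode()
        self.send_response(code)                      # status line
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()                            # the empty line
        self.wfile.write(body)                        # body
    def _user_id(self):                               # "/api/user/<id>" -> "<id>" if it exists
        uid = self.path.rpartition("/api/user/")[2]
        return uid if self.path.startswith("/api/user/") and uid in USERS else None
    def do_GET(self):
        self._send(200, USERS) if self.path == "/api/users" else self._send(404, {})
    def do_POST(self):
        uid = self._user_id()
        form = parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        if uid is None or "country" not in form:
            return self._send(404, {})
        USERS[uid]["country"] = form["country"][0]
        self._send(200, USERS[uid])
    def do_DELETE(self):
        uid = self._user_id()
        self._send(200, USERS.pop(uid)) if uid else self._send(404, {})
    def log_message(self, *args):                     # keep the test server quiet
        pass

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), UserAPI)       # port 0: the OS picks a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def request(port, method, path, form=None):
    """Send one request to the local API and return (status code, JSON body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Content-Type": "application/x-www-form-urlencoded"} if form else {}
    conn.request(method, path, body=form, headers=headers)
    resp = conn.getresponse()
    data = json.loads(resp.read())
    conn.close()
    return resp.status, data
```

Call start_server(), take the port from srv.server_address[1], and issue request(port, "POST", "/api/user/2", "country=US") to reproduce the second step.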
Task 11 Conclusion
I’m ready to move forward and learn more about web application security.
No answer needed
You can check out our other blogs here.
Happy Pentesting!!!
Team CyberiumX