Today, I will be discussing an interesting topic, web application hacking/security: a fundamental guide that everyone willing to break into the field as a penetration tester, security researcher, ethical hacker or bug hunter must know. To begin with:
What is hacking?
Hacking is a means of exploiting a computer system or a private network inside a computer. To put it simply, it refers to illegal access to, or control of, computer network security systems. The term hacker still carries the conception that a hacker is a criminal, but a hacker can be either ethical or unethical.
According to Google, 30 000 websites are hacked daily. Small businesses are the target of 43% of cyberattacks. Just 5% of organization folders and records are appropriately secured.
Understanding how the internet works is crucial if you are just getting started in the world of hacking. That means understanding how a URL is mapped to a domain, which is mapped to an IP address, and so forth.
Every system on the internet receives an address so that people can send messages to it, though some systems only accept certain types of messages and others only allow messages from a small number of other systems. The next step is for each system to choose what to do with the message and how to respond.
Take, for instance, the Hypertext Transfer Protocol (HTTP), which specifies the method by which your web browser communicates with a web server. Our web browser and web server are able to communicate by using the same protocol.
What does the internet do?
When you enter https://www.infosecwithcybersam.com.ng in the address bar of your browser (such as Opera Mini, Firefox or Chrome) and press search, the steps below describe what happens behind the scenes:
- Your browser extracts the domain name from the URL
- Your computer sends a DNS request to its configured DNS servers. DNS resolves the domain name to an IP address
- Your computer attempts to set up a TCP connection with the IP address on port 80 (HTTP default port number)
- Assuming it succeeds, your browser sends an HTTP request to the server
- It then waits for a response from the server
- Your browser parses and renders the returned HTML, CSS and JS
Between the browser and the web server, there are several ways these messages can be sent. The specific methods are GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT and OPTIONS.
Techniques used by web applications to send messages
The GET method is used to retrieve information from the given server using a given URL.
The HEAD method is used to retrieve just the headers that would be present in the response to an equivalent GET call. It can be used simply to check whether or not a resource exists, or to retrieve the Content-Length header before deciding whether or not to download a large file.
The POST method is used for sending data to the server, such as uploading a file, transferring some data, or adding a new row to a back-end table through any kind of web form. Simply put, the POST method is used for inserting new items on the back-end server.
The PUT method is most often used to update existing data, for instance when updating your account, updating a blog post and so on. Again, the action performed can differ, and it may result in the server taking no action at all.
The DELETE method, just as the name connotes, is used to request that the remote server delete the data identified by the URL.
The TRACE method is another special method, this time used to reflect the request message back to the requester. This lets the requester see what is being received by the server and use that information for testing and diagnostics.
The CONNECT method is reserved for use with a proxy (a proxy is fundamentally a server which forwards requests to other servers).
The OPTIONS method is used to request information from a server about the communication options available. For instance, calling OPTIONS might show that the server accepts GET, POST, PUT, DELETE and OPTIONS calls but not HEAD or TRACE.
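The request steps and the methods described above can be traced end to end in a few lines. This is an added example, not code from the original post: it runs against a constructed loopback server over plain HTTP, and `DemoHandler`, `start_demo_server` and `fetch` are illustrative names.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

BODY = b"<html><body>hello</body></html>"  # constructed sample page

class DemoHandler(BaseHTTPRequestHandler):
    # Constructed local server so the example runs offline.
    def _head(self, length=len(BODY), extra=()):
        self.send_response(200)
        self.send_header("Content-Length", str(length))
        for name, value in extra:
            self.send_header(name, value)
        self.end_headers()
    def do_GET(self):
        self._head()
        self.wfile.write(BODY)
    def do_HEAD(self):
        self._head()  # same headers as GET, but no body follows
    def do_OPTIONS(self):
        self._head(0, [("Allow", "GET, HEAD, OPTIONS")])
    def log_message(self, *args):
        pass  # keep the demo quiet

def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(url, method="GET"):
    """Follow the browser steps by hand; returns (status, headers, body)."""
    parts = urlsplit(url)                          # extract the host from the URL
    port = parts.port or 80                        # plain HTTP default port
    ip = socket.gethostbyname(parts.hostname)      # resolve the name to an IP
    with socket.create_connection((ip, port), timeout=5) as sock:  # TCP connect
        request = (f"{method} {parts.path or '/'} HTTP/1.1\r\n"
                   f"Host: {parts.netloc}\r\nConnection: close\r\n\r\n")
        sock.sendall(request.encode("ascii"))      # send the HTTP request
        raw = b""
        while chunk := sock.recv(4096):            # wait for the full response
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")     # split headers from body
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = dict(line.split(": ", 1) for line in header_lines)
    return int(status_line.split()[1]), headers, body

if __name__ == "__main__":
    base = f"http://127.0.0.1:{start_demo_server().server_address[1]}/"
    for m in ("GET", "HEAD", "OPTIONS", "TRACE"):
        print(m, fetch(base, m)[0])
```

TRACE is not implemented by the demo server, so it is answered with a 501 status, which matches the case where OPTIONS does not list a method.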
Now that you're equipped with a fundamental understanding of how the internet works, you can dive into the different types of hackers and types of vulnerabilities.
Stay connected!!
Take Note: Obviously, this article is a good place to start, but you should also look for other materials on your own.