Web_Fundamentals.md

Web Fundamentals Learning Path

Type: Learning Path
Difficulty: Easy
Description:
The aim of this path is to teach you how to attack web applications. To successfully attack and exploit 
web applications, you need to understand how they work. The first section (Web Fundamentals) will give 
you all the pre-requisite knowledge on this. 

The second section (Security Tools) focuses on learning how to use Industry Standard tooling to 
interact with your targets. 

The third section (Vulnerabilities) covers various vulnerabilities found in web applications today. 
This section will go over root causes of these vulnerabilities and give you hands on experience on 
exploiting them.

The final section (Practise Makes Perfect) will help you apply what you've learnt in previous sections.

After completing this path, you should be able to:

 * understand how web applications work
 * utilise industry standard tooling when attacking web applications
 * explain and exploit common web vulnerabilities
 * apply this knowledge to other targets (be it within an interview or a professional web applications 
   security assessment)

Web link: https://tryhackme.com/path/outline/web

Included rooms

How The Web Works

• DNS in detail
• HTTP in Detail
• How Websites Work
• Putting it all together

Introduction to Web Hacking

• Walking An Application
• Content Discovery
• Subdomain Enumeration
• Authentication Bypass
• IDOR
• File Inclusion
• Intro to SSRF
• Intro to Cross-site Scripting
• Race Conditions
• Command Injection
• SQL Injection

Burp Suite

• Burp Suite: The Basics
• Burp Suite: Repeater
• Burp Suite: Intruder
• Burp Suite: Other Modules
• Burp Suite: Extensions

Web Hacking Fundamentals

• How Websites Work
• HTTP in Detail
• Burp Suite: The Basics
• OWASP API Security Top 10 - 1
• OWASP Juice Shop
• Upload Vulnerabilities
• Pickle Rick

OWASP Top 10 (2025)

• OWASP Top 10 2025: IAAA Failures
• OWASP Top 10 2025: Application Design Flaws
• OWASP Top 10 2025: Insecure Data Handling