First Week Studying for the CBBH

Week 1: Exploring HTTP Requests and Web Security Fundamentals

Key Insights from the First Week

This week marked my introduction to web security, focusing on HTTP requests and their role in identifying and mitigating web vulnerabilities. Through hands-on exercises and tool-based exploration, I gained foundational knowledge essential for professionals in cybersecurity. Here’s a summary of my key learnings:

  • HTTP Methods and Web Communication: I explored core HTTP methods like GET, POST, and PUT and delved into how headers, response codes, and structured communication enable seamless client-server interaction. Understanding this is useful for both diagnosing and preventing security issues.
  • Practical API Testing with curl: I practiced sending HTTP requests to perform CRUD operations on RESTful APIs, gaining practical insights into:
    • Data Creation and Modification: Sending JSON payloads with headers like Content-Type: application/json.
    • Authentication Techniques: Working with Basic Auth, session cookies, and token-based systems to secure API endpoints.
  • Security Testing Tools: I utilized industry-standard tools such as Burp Suite, ZAP Proxy, and Caido to analyze web application vulnerabilities. These tools helped me identify weaknesses like poorly implemented access controls and unvalidated user inputs.
  • Vulnerability Exploration: Familiarity with common vulnerabilities like Cross-Site Scripting (XSS), SQL Injection (SQLi), Broken Authentication, and Sensitive Data Exposure provided a clearer understanding of their impact on application security.
  • Real-World Resources: By studying the OWASP Testing Guide and leveraging databases such as Exploit DB, I grounded my learning in practical, real-world examples.
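The request/response behaviour behind the curl bullets above (JSON bodies sent with Content-Type: application/json, Basic Auth on every call) can be reproduced offline. This is an added example, not code from the original post; the `/items/<id>` route, the credentials and the in-memory store are constructed for illustration.

```python
import base64, hmac, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

BASIC = "Basic " + base64.b64encode(b"student:constructed-password").decode()  # constructed
ITEMS = {}  # in-memory store standing in for a database
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

class Api(BaseHTTPRequestHandler):
    def _reply(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def _serve(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        sent = self.headers.get("Authorization", "")
        if not hmac.compare_digest(sent.encode(), BASIC.encode()):  # constant-time compare
            return self._reply(401, {"error": "authentication required"})
        item_id = self.path.rsplit("/", 1)[-1]
        if self.command in ("POST", "PUT"):  # create or replace
            if self.headers.get("Content-Type") != "application/json":
                return self._reply(415, {"error": "expected application/json"})
            try:
                doc = json.loads(raw)
            except ValueError:
                return self._reply(400, {"error": "invalid JSON"})
            ITEMS[item_id] = doc
            return self._reply(201 if self.command == "POST" else 200, doc)
        if item_id not in ITEMS:
            return self._reply(404, {"error": "not found"})
        doc = ITEMS.pop(item_id) if self.command == "DELETE" else ITEMS[item_id]
        return self._reply(200, doc)
    do_GET = do_POST = do_PUT = do_DELETE = _serve  # one handler, dispatch on self.command

def start_server():
    server = HTTPServer(("127.0.0.1", 0), Api)  # port 0: let the OS pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"

def call(base, method, path, body=None, auth=True, ctype="application/json"):
    data = None if body is None else json.dumps(body).encode()
    headers = {"Content-Type": ctype} if data else {}
    if auth:
        headers["Authorization"] = BASIC
    req = urllib.request.Request(base + path, data=data, headers=headers, method=method)
    try:
        with OPENER.open(req) as r:
            return r.status, json.load(r)
    except urllib.error.HTTPError as e:  # 4xx responses still carry a JSON body
        return e.code, json.load(e)
```

Calling `call(base, "GET", "/items/1", auth=False)` returns a 401, and a POST whose Content-Type is not application/json returns a 415, which are the two checks a tester looks for when probing access control and input handling on an API.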

Reflections

This first week was a rewarding deep dive into web security basics. Each tool and concept reinforced my understanding of how vulnerabilities arise and how to address them effectively. The hands-on approach allowed me to directly apply theoretical knowledge, enhancing my confidence and skills.