How Websites Work: A Deep Dive into Web Structure and Security
If you want to understand how to exploit a website, the first step is knowing how it's built. This module provided an in-depth look at the key components of a website, from basic structure to security vulnerabilities that can arise if best practices aren't followed.
Understanding Website Structure
A website functions through a request-response cycle:
- A user’s browser sends a request to a web server.
- The server processes the request and responds with the necessary files.
- The browser renders the content, displaying the website to the user.
Websites consist of two major parts:
- Front-end (Client-side): This is what users see and interact with, built using HTML, CSS, and JavaScript.
- Back-end (Server-side): This handles the logic, databases, and user authentication, ensuring the website functions as expected.
HTML and JavaScript: The Foundation of Web Development
Revisiting HyperText Markup Language (HTML) was a great refresher. I worked on an exercise fixing an <img> tag and adding a new one, reinforcing the importance of proper markup for displaying content correctly.
Next, I explored JavaScript (JS) and its role in adding interactivity to web pages. Through hands-on exercises, I learned how to dynamically change an HTML element’s content and add an onclick event to a button, showcasing how JavaScript makes websites more responsive and interactive.
Web Security: Understanding Common Vulnerabilities
Beyond website structure, I also dived into security vulnerabilities that developers must guard against.
Sensitive Data Exposure
One major risk is Sensitive Data Exposure, which occurs when websites fail to properly protect or remove sensitive information from their front-end code. In an exercise, I inspected a webpage’s source code and discovered an admin password left inside an HTML comment—a critical mistake that could be exploited by attackers.
HTML Injection
Another vulnerability I learned about was HTML Injection, which happens when user input isn't properly sanitized before being displayed on a webpage. To see this in action, I injected malicious HTML into a login form, which resulted in a deceptive link appearing on the page—something attackers could use for phishing or defacement.
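The mitigation for the unsanitized-input problem described above is to encode user input before it is placed into markup. The JavaScript below is an added example, not code from the module or the original post; the function names and the sample input are constructed for illustration.

```javascript
// Added example: output encoding as the fix for HTML injection.
// All names and the sample input below are constructed for illustration.

// Characters that let text break out of a text node or attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text for HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the username is concatenated into markup as-is, so any tags
// it contains become real elements on the page.
function renderGreetingUnsafe(username) {
  return `<p>Welcome back, ${username}!</p>`;
}

// Hardened: the username is encoded first, so the browser shows it as text.
function renderGreetingSafe(username) {
  return `<p>Welcome back, ${escapeHtml(username)}!</p>`;
}

// Count the <a> start tags in a fragment; used to compare the two outputs.
function countAnchorTags(html) {
  return (html.match(/<a[\s>]/gi) || []).length;
}

// Constructed input: a "name" that is really a link to another site.
const SAMPLE_INPUT = '<a href="https://example.invalid/">Session expired, log in again</a>';

function demo() {
  const unsafe = renderGreetingUnsafe(SAMPLE_INPUT);
  const safe = renderGreetingSafe(SAMPLE_INPUT);
  return {
    unsafe,
    safe,
    unsafeAnchors: countAnchorTags(unsafe),
    safeAnchors: countAnchorTags(safe),
  };
}

console.log(demo());
```

In browser code the same effect comes from assigning untrusted text to an element's textContent property rather than innerHTML.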
What’s Next?
The next step is putting it all together—leveraging this knowledge to better understand how websites work and how vulnerabilities can be mitigated. This module provided a solid foundation for exploring web security and ethical hacking, equipping me with the skills to identify potential risks in real-world scenarios.