Tryhackme 6

Uploaded by

thestriker950
--------------------Web Application Basics---------------------------------------------------------
Front end - HTML, CSS, JS
Back end - database, web server, firewall

Uniform Resource Locator (URL):- is a web address that lets you access all kinds
of online content—whether it’s a webpage, a video, a photo, or other media
-http://user:password@tryhackme.com:80/view-room?id=1#task3
scheme: is the protocol used to access the website
User: Some URLs can include a user’s login details
host/domain: tells you which website you’re accessing
typosquatting -> domain names that appear almost like real ones but
have small differences(for faking/phishing)
port no: helps direct your browser to the right service on the web server.
path: points to the specific file or page on the server that you’re trying
to access
query string: part of the URL that starts with a question mark (?).used
for things like search terms or form inputs
fragment: starts with a hash symbol (#) and helps point to a specific
section of a webpage—like jumping directly to a particular heading or table.
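The URL parts listed above, split out in code. This is an added example and not part of the original notes: it parses the notes' sample URL with the standard URL API, then flags embedded credentials and hosts that sit within a small edit distance of an expected host (typosquatting). TRUSTED_HOSTS, the distance threshold of 2 and the lookalike host are assumptions made for the example, and the default-port fallback assumes http or https.

```javascript
// Added example, not part of the original notes.
const TRUSTED_HOSTS = ["tryhackme.com"]; // assumption: hosts you expect to see

// Levenshtein edit distance, used to spot lookalike (typosquatted) hosts.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

function inspectUrl(raw) {
  const u = new URL(raw);
  const host = u.hostname.toLowerCase();
  const warnings = [];
  if (u.username || u.password) warnings.push("credentials embedded in URL");
  const near = TRUSTED_HOSTS.find((t) => t !== host && editDistance(t, host) <= 2);
  if (near) warnings.push(`host ${host} resembles ${near}`);
  return {
    scheme: u.protocol.slice(0, -1),
    user: u.username,
    password: u.password,
    host,
    // The URL API reports "" for a scheme's default port, so restore it.
    port: u.port || (u.protocol === "https:" ? "443" : "80"),
    path: u.pathname,
    query: Object.fromEntries(u.searchParams),
    fragment: u.hash.slice(1), // kept by the browser, never sent to the server
    warnings,
  };
}

// The URL from the notes, and a constructed lookalike host ("rn" in place of "m").
const PAGE_URL = "http://user:password@tryhackme.com:80/view-room?id=1#task3";
const LOOKALIKE_URL = "http://tryhackrne.com/view-room?id=1";
console.log(inspectUrl(PAGE_URL));
console.log(inspectUrl(LOOKALIKE_URL).warnings);
```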

2 types of HTTP messages:
HTTP Requests: Sent by the user to trigger actions on the web application.
HTTP Responses: Sent by the server in response to the user’s request.
Each message has a specific format:
Start line: What do you want? (GET, POST, etc.)
Headers: Extra info (browser, content type, etc.)
Empty line: Marks the end of headers
Body: The real message (page, file, data, etc.)

POST /login HTTP/1.1 -request line
Host: tryhackme.com -request headers
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
-empty line
username=aleksandra&password=securepassword -request body
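The message format above (start line, headers, empty line, body), parsed in code. This is an added example and not part of the original notes: it splits the sample request at the empty line, reads the three parts of the request line, and checks that Content-Length matches the number of body bytes. parseRequest and RAW_REQUEST are names made up for the example.

```javascript
// Added example, not part of the original notes.
// Built from the sample request in the notes; HTTP/1.1 ends each line with \r\n.
const RAW_REQUEST =
  "POST /login HTTP/1.1\r\n" +
  "Host: tryhackme.com\r\n" +
  "Content-Type: application/x-www-form-urlencoded\r\n" +
  "Content-Length: 43\r\n" +
  "\r\n" +
  "username=aleksandra&password=securepassword";

function parseRequest(raw) {
  const split = raw.indexOf("\r\n\r\n"); // the empty line marks the end of headers
  if (split === -1) throw new Error("no empty line after headers");
  const [startLine, ...headerLines] = raw.slice(0, split).split("\r\n");
  const body = raw.slice(split + 4);

  // Request line: HTTP method, URL path, HTTP version.
  const parts = startLine.split(" ");
  if (parts.length !== 3) throw new Error("malformed request line");
  const [method, path, version] = parts;

  // Header names are case-insensitive, so store them lower-cased.
  const headers = Object.create(null);
  for (const line of headerLines) {
    const colon = line.indexOf(":");
    if (colon < 1) throw new Error(`malformed header: ${line}`);
    headers[line.slice(0, colon).toLowerCase()] = line.slice(colon + 1).trim();
  }

  // Content-Length counts bytes, not characters.
  const declared = headers["content-length"];
  const actual = Buffer.byteLength(body, "utf8");
  const lengthOk =
    declared === undefined ? actual === 0 : /^\d+$/.test(declared) && Number(declared) === actual;

  // Decode the body only when it is declared as URL encoded.
  const type = headers["content-type"] || "";
  const form = type.startsWith("application/x-www-form-urlencoded")
    ? Object.fromEntries(new URLSearchParams(body))
    : null;
  return { method, path, version, headers, body, lengthOk, form };
}

console.log(parseRequest(RAW_REQUEST));
```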

___________HTTP REQUEST__________
1.Start Line/Request Line: tells the server what kind of request it’s dealing
with
three main parts: the HTTP method, the URL path, and the HTTP version.
GET /user/login.html HTTP/1.1
HTTP Method:- tells the server what action the user wants to perform
GET – Get data (read only)from server without making any change
POST – Send data (create/update) to server
PUT – Replace or update on server
DELETE – Remove data
PATCH – Update part of something(small changes without replacing the whole
thing)
HEAD – Get headers only (no content, for checking metadata)
OPTIONS – what methods are available for a specific resource, helping
clients understand what they can do with the server.
TRACE – Debug (rare, risky)
CONNECT – Make secure (HTTPS) connection
URL Path:- tells the server where to find the resource the user is asking for
HTTP Version:- shows the protocol version used to communicate between the
client and server
HTTP/0.9 (1991)-The first version, only supported GET requests.
HTTP/1.0 (1996)-Added headers and better support for different types of
content, improving caching.
HTTP/1.1 (1997)-Brought persistent connections, chunked transfer encoding,
and better caching. It’s still widely used today.
HTTP/2 (2015)-Introduced features like multiplexing, header compression,
and prioritisation for faster performance.
HTTP/3 (2022)-Built on HTTP/2, but uses a new protocol (QUIC) for quicker
and more secure connections.

2.Request Headers: allow extra information to be conveyed to the web server about the request
Request header | Example | Description
Host | Host: tryhackme.com | Specifies the name of the web server the request is for.
User-Agent | User-Agent: Mozilla/5.0 | Shares information about the web browser the request is coming from.
Referer | Referer: https://www.google.com/ | Indicates the URL from which the request came.
Content-Type | Content-Type: application/json | Describes what type or format of data is in the request.
Cookie | Cookie: user_type=student; room=introtowebapplication; room_status=in_progress | Info the web server previously asked the web browser to store is held in cookies.

3.Request Body: data sent to & from the web server
The formatting of the data can take many forms, like URL Encoded, Form Data, JSON, or XML.
URL Encoded (Content-type:application/x-www-form-urlencoded)-data is
structured in key:value pairs
Form Data (Content-type:multipart/form-data)-to send multiple pieces of
data. separated by boundary string
JSON (application/json)- Data is formatted in pairs of name : value,
Multiple pairs are separated by commas, within {}
XML (application/xml)-data is structured inside labels called tags, which
have an opening and closing(like </html>)

________________HTTP RESPONSE____________
HTTP response to let you know whether your request was successful or something
went wrong
1.Status Line - The first line in every HTTP response. Gives 3 key pieces of info:
HTTP/1.1 200 OK
HTTP Version: This tells you which version of HTTP is being used.
Status Code: A three-digit number showing the outcome of your request.
Reason Phrase: A short message explaining the status code in human-
readable terms.

Status Code - the number that tells you if the request succeeded or failed
Informational Responses (100-199)- server has received part of the request
and is waiting for the rest. It’s a "keep going" signal. 100 (Continue)
Successful Responses (200-299)- everything worked as expected. The server
processed the request and sent back the requested data. 200 (OK)
Redirection Messages (300-399)- resource you requested has moved to a
different location, usually providing the new URL. 301 (Moved Permanently)
Client Error Responses (400-499)- indicate a problem with the request.
Maybe URL is wrong, or missing some required info, like authentication. 404
(Not Found)
Server Error Responses (500-599)- server encountered an error while trying
to fulfil the request. These are usually server-side issues and not the client’s
fault. 500 (Internal Server Error)

2.Response Header - key-value pairs. Provide important info about the response & tell the client (usually the browser) how to handle it.
Content-Type: application/json
Content-Length: 34
Date: Wed, 29 Aug 2024 GMT
{
"message":"Login successful! ",
"status":"success"
}
Important required response headers include: Date, Content-Type, Server
Others:
Set-Cookie: Sends cookies from server to client. Use flags
"HttpOnly" and "Secure" for safety.
Cache-Control: Tells browser how long to store response (e.g. max-
age=600).
Location: Used for redirects. Shows where the client should go next.

3.Response Body - the actual data (things like HTML, JSON, images, etc.) that
the server sends back to the client. To prevent injection attacks like Cross-Site
Scripting (XSS), always sanitise and escape any data (especially user-generated
content) before including it in the response.

SECURITY HEADERS
HTTP Security Headers help improve the overall security of the web application
by providing mitigations against attacks like Cross-Site Scripting (XSS),
clickjacking, and others.

Websites often load content like JavaScript, fonts, or stylesheets from external
sources such as CDNs (e.g., fonts.googleapis.com, cdn.jsdelivr.net, or analytics
services like google-analytics.com).
This improves performance and saves development time.
However, loading from other domains can introduce security risks, especially
Cross-Site Scripting (XSS). If an attacker injects malicious code, the browser
might run it, potentially exposing sensitive data like cookies or login
credentials.

Content-Security-Policy (CSP) - security feature that lets a website define which
domains are allowed to load specific content (scripts, styles, etc.).
-Content-Security-Policy: default-src 'self'; script-src 'self'
https://cdn.tryhackme.com; style-src 'self'
default-src 'self': Only allow content (images, scripts, etc.) from
the same origin.
script-src: Allow scripts from the site itself and
cdn.tryhackme.com.
style-src: Only allow CSS styles from the site itself.
Strict-Transport-Security (HSTS) - ensures that web browsers will always connect
over HTTPS
-Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
max-age: How long (in seconds) the browser should only use HTTPS.
includeSubDomains: Applies HTTPS enforcement to all subdomains.
preload: Lets the site be added to browser preload lists, enforcing
HTTPS even on first visit.
X-Content-Type-Options - tells the browser not to guess the file type and to
strictly follow the Content-Type declared by the server.
-X-Content-Type-Options: nosniff
nosniff: instructs the browser not to sniff or guess the MIME type.
Referrer-Policy - controls how much referrer information (the URL of the
previous page) is sent when a user clicks a link.
-Referrer-Policy: no-referrer (Sends no referrer info at all.)
-Referrer-Policy: same-origin (Sends referrer only to the same site, not
to external sites.)
-Referrer-Policy: strict-origin (Sends only the domain (not full URL), and
only over HTTPS.)
-Referrer-Policy: strict-origin-when-cross-origin (Sends full referrer to
same-site links, and only the domain for secure cross-site links.)
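A small audit of the security headers described above, together with the Set-Cookie flags from the response header notes. This is an added example and not part of the original notes: it parses the CSP into directives and reports missing or weak settings. SAMPLE_HEADERS is constructed from the header values in the notes, the cookie value is made up, and the one-year HSTS minimum is an assumption chosen for the example.

```javascript
// Added example, not part of the original notes. Header names are lower-cased.
const SAMPLE_HEADERS = { // constructed response headers using the values from the notes
  "content-security-policy":
    "default-src 'self'; script-src 'self' https://cdn.tryhackme.com; style-src 'self'",
  "strict-transport-security": "max-age=63072000; includeSubDomains; preload",
  "x-content-type-options": "nosniff",
  "referrer-policy": "strict-origin-when-cross-origin",
  "set-cookie": ["session=abc123; Path=/; HttpOnly"], // Secure left out on purpose
};
const MIN_HSTS_AGE = 31536000; // assumption: treat anything under one year as weak

// Split a CSP value into { directive: [sources...] }.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

function auditHeaders(h) {
  const findings = [];
  const cspValue = h["content-security-policy"];
  if (!cspValue) findings.push("CSP missing");
  else {
    const csp = parseCsp(cspValue);
    const scripts = csp["script-src"] || csp["default-src"]; // script-src falls back to default-src
    if (!scripts) findings.push("CSP does not restrict scripts");
    else if (scripts.includes("*") || scripts.includes("'unsafe-inline'"))
      findings.push("CSP script sources too broad");
  }
  const age = /max-age=(\d+)/i.exec(h["strict-transport-security"] || "");
  if (!age) findings.push("HSTS missing");
  else if (Number(age[1]) < MIN_HSTS_AGE) findings.push("HSTS max-age under one year");
  if ((h["x-content-type-options"] || "").trim().toLowerCase() !== "nosniff")
    findings.push("X-Content-Type-Options is not nosniff");
  if (!h["referrer-policy"]) findings.push("Referrer-Policy missing");
  for (const cookie of h["set-cookie"] || []) {
    const [pair, ...attrs] = cookie.split(";").map((s) => s.trim());
    const name = pair.split("=")[0];
    for (const flag of ["HttpOnly", "Secure"])
      if (!attrs.some((a) => a.toLowerCase() === flag.toLowerCase()))
        findings.push(`cookie ${name} lacks ${flag}`);
  }
  return findings;
}

console.log(auditHeaders(SAMPLE_HEADERS));
```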

----------------------------------------JavaScript-------------------------------------------
Variables:- store data.
var is function-scoped (can use inside a function)
let and const are block-scoped (can use inside a {})
Use const when the value won’t change.
Data Types:- string (text), number, boolean (true/false), null, undefined, and
object (for more complex data like arrays or objects).
Function:- function printResult(rollNum) {
// code to show result
}
Request-Response Cycle:- is when a user's browser (the client) sends a request
to a web server, and the server responds with the requested information
JS is an interpreted language:- code is executed directly in the browser, no prior
compilation
Internal JavaScript:- JS written directly inside an HTML file using <script>
tags.
External JavaScript:- JS written in a separate .js file and linked to the HTML
file.(<script src="script.js"></script>)
Dialogue Functions -
Alert function displays a message in a dialogue box with an "OK" button
- alert("HelloTHM");
Prompt function displays a dialogue box that asks the user for input -
name=prompt("Enter ur name");
Confirm function displays a dialogue box with a message and two buttons:
"OK" and "Cancel" - confirm("Are you sure?");
Control flow - the order in which statements and code blocks are executed based
on certain conditions.
Minification - process of compressing JS files by removing all unnecessary
characters, such as spaces, line breaks, comments, and even shortening variable
names. This helps reduce the file size and improves the loading time of web
pages
Obfuscation - make JS harder to understand by adding undesired code, renaming
variables and functions to meaningless names, and even inserting dummy code.

-----------------------------------SQL------------------------------------------------------
Relational databases: Store structured data. relationships can then be made
between two or more tables (sql)
Non-relational databases: Store data in a non-tabular format. (nosql)
Primary Keys: used to ensure that the data collected in a certain column is
unique
Foreign Keys: column/columns in a table that also exist in another table within
the database. Provides a link between the two tables.

DBMS - software program that allows users to retrieve, update and manage the
data being stored
e.g.:- MySQL, MongoDB, Oracle Database and MariaDB.
Interaction between the end user and the database can be done using SQL
(Structured Query Language)

->create database db1;
->show databases;
->use db1;
->drop database db1;

->CREATE TABLE book_inventory (
book_id INT AUTO_INCREMENT PRIMARY KEY,
book_name VARCHAR(255) NOT NULL,
publication_date DATE);
->SHOW TABLES;
->DESCRIBE book_inventory; (show columns that are contained within a table)
->ALTER TABLE book_inventory ADD page_count INT;
->DROP TABLE table_name;

CRUD Operations:- stands for Create, Read, Update, and Delete
->INSERT INTO books (id, name, published_date) VALUES (1, "Alchemist", "2014-10-14");
->SELECT * FROM books; SELECT name, description FROM books;
->UPDATE books SET name = "Alchemist v2" WHERE id = 1;
->DELETE FROM books WHERE id = 1;

Clause:- part of a statement that specifies the criteria of the data being
manipulated (DISTINCT, GROUP BY, ORDER BY, HAVING)
->SELECT DISTINCT name FROM books; avoid duplicate records
->SELECT name, count(*) from books group by name; aggregates data from
multiple records
->SELECT * FROM books ORDER BY published_date ASC; or DESC
->SELECT name, COUNT(*) FROM books GROUP BY name HAVING name LIKE
'%Hack%';
Operators:-
->SELECT * FROM books WHERE description LIKE "%guide%";
->SELECT * FROM books WHERE category = "Offensive Security" AND name =
"Bug Bounty Bootcamp";
->SELECT * FROM books WHERE name LIKE "%Android%" OR name LIKE "%iOS%";
->SELECT * FROM books WHERE NOT description LIKE "%guide%";
->SELECT * FROM books WHERE id BETWEEN 2 AND 4;
->SELECT * FROM books WHERE name = "Designing Secure Software"; =
->SELECT * FROM books WHERE category != "Offensive Security"; !=
->SELECT * FROM books WHERE published_date < "2020-01-01"; or > or <= or
>=
Functions:- String funcs=
->SELECT CONCAT(name, " is a type of ", category, " book.") AS book_info
FROM books;
->SELECT category, GROUP_CONCAT(name SEPARATOR ", ") AS books FROM books
GROUP BY category; (concat data from multiple rows into one field.)
->SELECT SUBSTRING(published_date, 1, 4) AS published_year FROM books;
->SELECT LENGTH(name) AS name_length FROM books;
Aggregate Functions=
->SELECT COUNT(*) AS total_books FROM books;
->SELECT SUM(price) AS total_price FROM books;
->SELECT MAX(published_date) AS latest_book FROM books;
->SELECT MIN(published_date) AS earliest_book FROM books;
