Web Basics
Web Vulnerabilities
User Input Threats
Databases & SQL
100

This set of built-in tools in your browser lets you inspect website elements, cookies, and network requests.

Developer Tools

100

Reason why websites are vulnerable to attack

Interactivity

100

This type of attack can occur when a program writes more data than an input variable can hold.

Buffer Overflow

100

This language is used to create, read, update, and delete data in a relational database.

SQL

200

This part of the model used by websites sends requests to a server and receives responses.

Client

200

A small packet of data created by the web server and stored on the user’s computer with info like user preferences, reference data, or a session ID.

Cookie

200

This type of vulnerability allows access to sensitive files on a server by using ../ in a URL.

Directory Traversal

200

This SQL command is used to retrieve data from one or more tables.

SELECT

300

This part of the model used by websites is responsible for hosting websites, handling data, and processing requests.

Server

300

This is a unique identifier stored server-side that tracks a user across multiple pages.

Session

300

This is a technique used to protect against user input threats.

Sanitization

300

This clause is used in SQL to filter results based on a condition.

WHERE

400

Software application with a graphical user interface for displaying and navigating between web pages. 

Browser

400

This type of request sends data securely in the request body and is not visible in the URL.

POST request

400

This type of attack tricks a website into executing malicious JavaScript code submitted by a user.

Cross Site Scripting 

400

Suppose you have a database with a table called "Movies" that contains information on movies. There are columns such as movieName, movieGenre, and movieYear. This SQL query retrieves movies that came out in 2005.

SELECT * FROM Movies WHERE movieYear = 2005;

500

This protocol encrypts communication between a user's browser and a web server.

HTTPS

500
3 ways to secure your browser

- Update your browser

- Reduce adding extensions

- Manually limit/restrict scripts and cookies

- Turn on pop-up blocker (Pay attention to what you click)

- Don't use browser when logged in as admin

500

The following input is an example of a user input threat: && whoami

Command Injection
500

This is a common SQL injection payload used to bypass login pages.

' OR 1=1--
