Start here overview
Day 4 · Skills
55–70 min

Day 4: Web security introduction

Web applications are the most common attack surface. Today you study how browsers talk to servers, where authentication breaks, and the vulnerability classes every ethical hacker and AppSec engineer must know.

Today's outcome: You understand HTTP, sessions, cookies, and the OWASP Top 10 at a beginner level.

Week progress

Day 4 of 7

  1. 1

    Security mindset & threat basics

  2. 2

    Networking for security

  3. 3

    Linux command line

  4. 4

    Web security introduction

    You are here

  5. 5

    SOC & log awareness

  6. 6

    First hands-on lab

  7. 7

    Pick your career direction

Goals

Learning objectives

By the end of today you should be able to:

  • Trace an HTTP request/response and identify headers, cookies, and status codes
  • List OWASP Top 10 categories and one example each
  • Use a JWT decoder tool to inspect token structure (no exploitation)
  • Relate one OWASP risk to a control you have seen in production

Schedule

Suggested schedule

Adjust timing to your pace — aim for one focused block per day.

  1. Tutorial~35 min

    Study OWASP Top 10 tutorial — focus on injection, auth, and XSS sections.

  2. Inspect~15 min

    Capture a login flow in dev tools; note cookies and Authorization headers.

  3. Tool~10 min

    Paste a sample JWT into the JWT decoder and label header vs payload.

  4. Reflect~10 min

    Pick one OWASP item and write how you would test for it safely.

Concepts

Key terms for today

HTTPSessionCookieCSRFXSSSQL injectionOWASP Top 10

Notebook

Reflection prompts

Copy these into your learning notebook — answers become portfolio material later.

  • What is the difference between authentication and authorization?
  • Which OWASP risk is most common in apps I use?
  • What would an attacker gain from stealing a session cookie?

Up next: Day 5

SOC & log awareness