1. INTRODUCTION
This is a detailed account of the Web Fundamentals module of HackTheBox Academy. The module offers a well-organized learning environment for the understanding of the fundamental concepts in web technologies and architecture of modern web applications. The module begins with an introduction to web applications and their organization, followed by significant topics like frontend and backend development, markup and styling languages (HTML and CSS), and JavaScript scripting.
Apart from development principles, the module also discusses security key topics, such as common web vulnerabilities like exposure of sensitive information, HTML injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). It also delves into backend infrastructure: web servers, backend servers, and databases, before concluding with expertise in development frameworks, APIs, and public vulnerabilities.
Every chapter is designed to present building blocks of information for anybody interested in web development as a career or cybersecurity, with examples from reality and security-focused dialogues to elicit practical implications.
2. WEB APPLICATIONS
This section covered the fundamentals of web applications, including their client-server architecture and how they differ from regular websites and native OS apps. I discovered that web applications are platform-independent and can be accessed from several platforms, which makes them a cross-industry solution used universally. It was interesting to refresh my knowledge about web application security, particularly the vulnerabilities that are targeted and how penetration testing helps to make them secure.
3. WEB APPLICATION LAYOUT
This section covered web application architecture and structure, including different infrastructure models like client-server, single-server, and multi-server. I understood how web applications are structured with layers of presentation, application, and data, which all participate in serving clients’ requests and ensuring secure interactions.
4. FRONTEND VS. BACKEND
This segment explained web application infrastructure models again (possibly duplicated in the content). It emphasized the different responsibilities of the frontend (user interface, styling, client-side logic) and the backend (data processing, business logic, database access).
5. HTML
This section covered the basics of HTML, its structure, and how browsers render pages. Topics included elements, URL encoding, and the Document Object Model (DOM).
6. CSS
Covered styling and formatting using CSS, including layout, colors, animations, and responsiveness. It also mentioned frameworks like Bootstrap and SASS.
7. JAVASCRIPT
Explored how JavaScript powers interactivity and dynamic behavior. Introduced modern libraries/frameworks like Angular, React, and Vue.
8. SENSITIVE DATA EXPOSURE
Focused on how web apps may expose login credentials, tokens, or personal data unintentionally through misconfigured scripts or HTML.
9. HTML INJECTION
Described how unsanitized user input could be used to inject malicious HTML, affecting UI or deceiving users.
10. CROSS-SITE SCRIPTING (XSS)
Covered types of XSS (Reflected, Stored, DOM-based), and how JavaScript payloads can be injected and executed in the browser.
11. CROSS-SITE REQUEST FORGERY (CSRF)
Explained how CSRF attacks trick authenticated users into executing unintended actions, and how XSS can often be a prerequisite.
12. BACKEND SERVERS
Covered infrastructure behind web applications, including common software stacks (LAMP, XAMPP, etc.) and considerations for scalability and performance.
13. WEB SERVERS
Introduced web servers like Apache, Nginx, and IIS, responsible for serving web content over HTTP/S.
14. DATABASES
15. DEVELOPMENT FRAMEWORKS & APIS
16. COMMON WEB VULNERABILITIES
17. PUBLIC VULNERABILITIES
18. CONCLUSION
Going through the Web Fundamentals module on HackTheBox Academy was a valuable refresher that reinforced my existing knowledge while sharpening my understanding of modern web technologies and security principles. It was insightful to revisit key building blocks like HTML, CSS, and JavaScript—not just in terms of functionality, but through the lens of how they contribute to both the usability and vulnerability of web applications.
What struck me the most were the security-focused sections, particularly sensitive data exposure, HTML injection, XSS, and CSRF. These reminded me of the significance of secure coding and input validation to defend against real threats. The sections on backend infrastructure, web servers, and APIs emphasized how interconnected and complex modern web applications truly are.
In summary, this module emphasized embedding security at every level of web development.
