Web Hacking Roadmap

Internet & Web Basics

How the web works, HTTP/HTTPS, browsers, servers, DNS.

Networking Basics

TCP/IP, ports, protocols, proxies, VPNs.

Checkpoint — Web Foundations

Web Technologies

HTML & CSS

Forms, inputs, DOM structure, client-side rendering.

JavaScript Basics

DOM manipulation, events, AJAX, Fetch API.

Checkpoint — Frontend Basics

Backend Knowledge

Backend Concepts

APIs, sessions, cookies, authentication, authorization.

Databases

SQL, NoSQL, queries, injections, data storage.

Checkpoint — Backend Understanding

OWASP Top 10

Injection Attacks

SQL Injection, Command Injection, NoSQL Injection.

XSS & CSRF

Stored, reflected, and DOM-based XSS; CSRF attacks.

Checkpoint — OWASP Basics

Advanced Web Attacks

Authentication Attacks

Broken auth, IDOR, session fixation, brute force.

File & Logic Attacks

File upload bypass, LFI/RFI, business logic flaws.

Checkpoint — Exploitation Skills

Web Hacking Tools

Essential Tools

Burp Suite, OWASP ZAP, sqlmap, Nmap.

Manual Testing

Intercepting requests, payload crafting, fuzzing.

Checkpoint — Tool Mastery

Practice & Real World

Labs & CTFs

TryHackMe, PortSwigger Labs, HackTheBox.

Bug Bounty

Finding and reporting real-world web vulnerabilities.

Professional Web Hacker