# How Websites Work

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McGveuk5OqBbBJDdZy3%2Fimage.png?alt=media\&token=8fbb348a-b29f-4085-a7cb-074e14267f0f)

## How websites work

When you visit a website, your browser (like Safari or Google Chrome) makes a request to a web server asking for information about the page you're visiting. The server responds with data that your browser uses to show you the page. A web server is just a dedicated computer somewhere else in the world that handles your requests.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McGwJoMwY4q60BSpkKa%2Fimage.png?alt=media\&token=baa1eef9-3b45-4b8b-80ff-95505d1532c7)

There are two major components that make up a website:

* Front End (Client-Side): The way your browser renders a website
* Back End (Server-Side): A server that processes your request and returns a response

## HTML

Websites are primarily created using:

* HTML: To build websites and define their structure
* CSS: To make websites look pretty by adding styling options
* JavaScript: To implement complex features on pages using interactivity

**H**yper**T**ext **M**arkup **L**anguage (HTML) is the language websites are written in. Elements (also known as tags) are the building blocks of HTML pages and tell the browser how to display content.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McGxn8-sF0rTjvZgzlc%2Fimage.png?alt=media\&token=aff2dafa-97bf-4080-b5b5-51e5b98a2669)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McGy91ndBw5tnGcPzzY%2Fimage.png?alt=media\&token=92fc95e0-2b7a-454b-8f80-e0aabe6ef208)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McGylX9EaBwylqQTval%2Fimage.png?alt=media\&token=a4bc27be-1713-4a33-ac60-0335fcadec0e)

## JavaScript

JavaScript (JS) is one of the most popular coding languages in the world and allows pages to become interactive. JavaScript is used to control the functionality of web pages - without JavaScript, a page would not have interactive elements and would always be static.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McGzfOsqTQj20qjglLc%2Fimage.png?alt=media\&token=d675bf22-a7a8-4562-b5cd-8a7898e6a00f)

## Sensitive Data Exposure

Sensitive Data Exposure occurs when a website doesn't properly protect (or remove) sensitive clear-text information from the end user; it is usually found in a site's frontend source code.

We now know that websites are built using many HTML elements (tags), all of which we can see simply by "viewing the page source". A website developer may have forgotten to remove login credentials, hidden links to private parts of the website or other sensitive data shown in HTML or JavaScript.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McH03ehI5-qmyAcfegd%2Fimage.png?alt=media\&token=5d12b223-7f9b-4b8b-81dd-d9f6b70f9dd4)

## HTML Injection

HTML Injection is a vulnerability that occurs when unfiltered user input is displayed on the page. If a website fails to sanitize user input (filter any "malicious" text that a user inputs into a website), and that input is used on the page, an attacker can inject HTML code into a vulnerable website.
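The difference between unfiltered and sanitized output, shown as an added example that is not part of the original page. The function names, the greeting markup and the sample input are assumptions made up for illustration.

```javascript
// Added example: names and markup below are constructed for illustration.

// The five characters that have special meaning in HTML text and in
// quoted attribute values, mapped to their entity equivalents.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: user input is concatenated into the page as-is, so any
// tags it contains become part of the document structure.
function renderGreetingUnsafe(name) {
  return `<p>Welcome, ${name}!</p>`;
}

// Hardened: input is escaped before it is placed in the markup, so the
// browser displays it as literal text instead of parsing it as HTML.
function renderGreetingSafe(name) {
  return `<p>Welcome, ${escapeHtml(name)}!</p>`;
}

// Count element start tags in a fragment. Used here as a rough check
// that user input did not add elements to the page.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

const input = "<h1>Injected heading</h1>"; // constructed sample input
console.log(renderGreetingUnsafe(input)); // <p> plus an extra <h1> element
console.log(renderGreetingSafe(input));   // only the <p>; input shown as text
```

In browser code, assigning user input to an element's `textContent` instead of `innerHTML` has the same effect as the escaping shown here.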

Database injection is where you can manipulate a database lookup query to log in as another user by controlling the input that's directly used in the query.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McGvTzniPfQn1KL9-jP%2F-McH147ehVkTWobZcGcM%2Fimage.png?alt=media\&token=0bef866b-1536-415b-94df-71b25b94b472)
