Networking & Web Fundamentals

Core networking and web concepts used in junior pentesting interviews.

JPT-01

What is the difference between TCP and UDP?

Answer: TCP is connection-oriented and reliable, using acknowledgements and retransmissions to ensure delivery. UDP is connectionless and faster but does not guarantee delivery or ordering. You’ll commonly see TCP for web traffic and UDP for DNS or streaming.

Tip: Examples: HTTPS = TCP. DNS is usually UDP (sometimes TCP).

JPT-02

What happens during the TCP three-way handshake?

Answer: The client sends SYN, the server replies SYN-ACK, and the client responds with ACK. This establishes a connection and confirms both sides can communicate before sending data. It’s helpful for understanding scans and some DoS patterns.

Tip: Say it confidently: SYN → SYN-ACK → ACK.

JPT-03

What is DNS and why is it useful for recon?

Answer: DNS maps domain names to IP addresses. During recon, DNS can reveal subdomains, mail servers, and internal naming patterns. Misconfigured DNS records can leak sensitive details.

Tip: Mention subdomain enumeration and checking TXT records.

JPT-04

What is HTTP vs HTTPS?

Answer: HTTP sends data in plaintext, while HTTPS uses TLS to encrypt and protect data in transit. HTTPS reduces interception and tampering risks, but pentesters still test TLS configs and cookie security. Encryption doesn’t fix broken access control or injection issues.

Tip: Mention Secure/HttpOnly/SameSite cookie flags.

JPT-05

What are common HTTP methods and what do they do?

Answer: GET retrieves data, POST submits data, PUT updates resources, and DELETE removes resources. Different methods can expose hidden functionality or misconfigurations. Pentesters verify method restrictions and authorization checks.

Tip: If asked: OPTIONS can show allowed methods.

JPT-06

What are HTTP status codes and why do they matter?

Answer: Status codes tell you what happened: 200 success, 301/302 redirect, 401/403 auth issues, 404 not found, 500 server error. They help you understand app behavior and can hint at misconfigurations or hidden endpoints. Differences between 403 and 404 responses can leak information.

Tip: Know: 200, 301, 302, 401, 403, 404, 500.

JPT-07

What is a cookie?

Answer: A cookie is data stored in the browser used for session state, preferences, or tracking. Authentication often relies on session cookies or tokens. If cookies are not protected, they can be stolen or replayed.

Tip: Protect auth cookies with Secure + HttpOnly + SameSite.

JPT-08

What is the difference between a cookie and a session?

Answer: Cookies live in the browser, while sessions are typically stored on the server. A cookie often contains a session ID pointing to server-side session data. Weak session handling can lead to session hijacking.

Tip: Say: “cookie holds session ID; server holds session data.”

JPT-09

What is Same-Origin Policy?

Answer: Same-Origin Policy restricts scripts from reading data from a different origin (protocol + domain + port). It protects users from malicious sites stealing data. Many web attacks attempt to abuse trust boundaries in the browser.

Tip: Origin = protocol + domain + port.

JPT-10

What is CORS?

Answer: CORS controls when browsers can make cross-origin requests to a server. Misconfigured CORS can allow a malicious origin to read sensitive responses. Pentesters check for wildcard origins and unsafe credential settings.

Tip: Avoid Access-Control-Allow-Origin (ACAO): * with credentials enabled.