I started to learn some cybersecurity and pentesting from TCM and HTB ACADEMY and they teach how to host a server but I don’t understand why doing that? what’s the point of hosting a web server in the field of cybersecurity and why they teach me that?
If you work in security, you will almost certainly have something to do with web servers, so you need to know how they work.
Firewalls, Port Forwarding Blocking, Log Analysis. Paper is one thing, and practical is another.
Your server will be under attack the moment its facing WAN. Learn how to secure it.
If you want to secure something, you should know how it works?!
Sounds to me like it’s just part of the course to get you “introduced” to things you may venture into and using it as a tool to play with for you to get familiar with things
How are you supposed to secure something that you don’t understand?
For example: how would you transfer a remote php shell when doing RFI in a closed network?
Unless you are spesfically targeted, hacking doesn’t really work like that anymore, Think of it as mining for gold. When you want to dig land that has the most possible chance gold. This means you want to hit a big hosting company or site that manages personal information. While you should have a decent firewall and latest security updates. We are not worth the effort nor are we worth much gold for all the trouble to penetrate security. We cut down large trees, not small ones.
So you know how to do it securely and analyze what may go one when it is attacked. Or what else do you want with cybersecurity? It’s about securing services on the global network and local. And webhosting is one of those service.
well a web server is a pen-testable thing, and is also a very common pen-tested thing so the background knowledge is useful .
Bro if you dont know that, you are in the wrong area…
There is this thing called the internet, it’s filled with web servers. It’s what cybersecurity is basically all about.
A web server is more than just a thing that serves up personal web pages. Virtually all system to system communication uses a web servers nowadays, the world runs on APIs.
I feel like this is like asking why you’d have to know how a stove works if you’re going to be a cook. It’s more than just related, it’s practically the core most fundamental thing you need to know how it works in order to be a cybersecurity pentest person.
Imho attitude’s like this really turn me off in some people. A friend of mine wanted to learn computer programming and information technology, so I gave him a crash course on docker with the goal of setting up a container to handle vpn bittorrent downloads. Really simple stuff, like copy and pasting a few commands. He asked why even do this if he can just use deluge on his desktop. Like, it’s missing the forest for the trees, you need to know how stuff works to be useful to people that are looking to hire people who know how stuff works.
The friend of mine was hoping to work with me as a contractor so he could get high paid computer work, but frankly, I don’t need to hire someone who is too lazy to learn even the most basic fundamentals. And in your case, knowing how a web server works is fundamentals. And you can figure out the basics in only a few days.
The only way you’re going to make it in info tech is to be curious and figure out how stuff works. That is the *only* real skill you need to succeed.
Honeypot
If you learn cybersecurity you will be hired by companies who want to either test their security or have you implement one. How are you supposed to know how to do that if you don’t know how a website works in the first place. How to work with a website. If you could tell the it guy to just „do xyz“ there would be no reason for them to hire you.
Someone being a Webdesigner has to know how a website works too to be able to design one. They can ignore security and resources for the most part, but they have to know how to make their pretty website run in the first place. Otherwise you could just hire a graphic designer to make a few fancy drawings of their website and hire someone else to build it