General | HTTP Basics (3) | Cycubix Docs

Learn what type of HTTP command WebGoat used for this lesson. Discover the solution to the HTTP quiz we offered as part of our web application security course

The Quiz

What type of HTTP command did WebGoat use for this lesson. A POST or a GET.


Turn on Show Parameters or other features.

Try to intercept the request with ZAP


The HTTP request observed in the previous exercise was a POST message. The magic number is hidden in the web page's JavaScript. One of the methods to view this is to right click on the web page and select "Inspect".

In the "Body" section, search for the phrase "magic" until you identify the value stored by the hidden magic_num field.

Further training

Visit to find out more about our Application Security training courses. We also offer (ISC)² Official training for CISSP, SSCP, CCSP and CSSLP certifications.

Last updated