hack-night

Web Security

The Internet is a network of computers that communicate over predetermined protocols (Internet protocols) in order to reliably send and receive data. When talking about websites, HTTP and HTTPS are the protocols in charge of transferring web content to be interpreted by a web browser. To interact with a server, the web browser sends it a request, identified by a URL, for particular content hosted by that server. Once the server parses the request, it responds with the content specified by the URL.

Vulnerabilities in web applications typically occur when a server is sent a malicious URL that tricks it into including a resource it was not intended to serve (see Directory Traversal), granting a user access to resources they should not have access to (see SQL Injection), or returning a response that contains user-controlled code (see Cross-Site Scripting).

To fully understand the attacks performed on web applications, it is suggested that you develop your own website and perform source code auditing and penetration testing. This will not only show you how to exploit an insecure application, but also teach you good web programming practices.
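As an added example (not code from hack-night), here is the kind of URL-to-file mapping you would audit on your own site for the directory traversal case described above: a naive resolver next to a hardened one. The function names, the temporary directory layout and the sample URLs are all constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_naive(web_root, url):
    """Vulnerable: joins the decoded URL path to the web root and trusts the result."""
    path = unquote(urlsplit(url).path)
    return os.path.join(web_root, path.lstrip("/"))


def resolve_safe(web_root, url):
    """Hardened: returns a path inside web_root, or None if the request escapes it."""
    root = os.path.realpath(web_root)
    path = unquote(urlsplit(url).path)  # decode first, so %2e%2e is seen as ".."
    if "\x00" in path:
        return None
    # lstrip("/") stops an absolute path from replacing the root in os.path.join;
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # commonpath compares whole components, so /srv/www-old is not taken for /srv/www.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Resolve constructed sample URLs against a constructed web root."""
    base = os.path.realpath(tempfile.mkdtemp())
    web_root = os.path.join(base, "www")
    os.mkdir(web_root)
    with open(os.path.join(web_root, "index.html"), "w") as f:
        f.write("<h1>public</h1>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("not meant to be served")
    urls = ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt", "/..%2fsecret.txt"]
    results = {}
    for url in urls:
        naive = os.path.realpath(resolve_naive(web_root, url))
        escaped = os.path.commonpath([web_root, naive]) != web_root
        results[url] = (escaped, resolve_safe(web_root, url))
    return web_root, results


if __name__ == "__main__":
    root, results = demo()
    for url, (escaped, safe) in results.items():
        print(f"{url!r}: naive leaves web root={escaped}, safe={safe}")
```

The check runs on the decoded, canonicalised path rather than on the raw URL string, which is why the percent-encoded variants are rejected along with the plain one.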