Introduction To Web Security | Cyber Security Tutorial - Learn with VOKS

Introduction To Web Security

Web Security is the practice of protecting websites, web applications, and users from cyber threats.

Every time you visit a website, enter a password, submit a form, or make a payment, security mechanisms are working in the background to protect your data.

What Is Web Security

Web Security refers to the protective measures taken to:

  • Prevent unauthorized access
  • Protect sensitive information
  • Ensure data integrity
  • Maintain availability of services

Web security focuses specifically on applications that are reached through a web browser and on the traffic that flows between the browser and the server over the internet.

Why Web Security Is Important

Web applications often handle:

  • Usernames and passwords
  • Personal information
  • Credit card numbers
  • Business data
  • Private messages

If a web application is not secure:

  • Data can be stolen
  • Accounts can be hijacked
  • Websites can be defaced
  • Services can be shut down

Security protects both users and organizations.

Core Security Goals (CIA Triad)

There are three main goals in security:

Confidentiality

Only authorized people can access information.

Integrity

Data cannot be modified without authorization.

Availability

Systems remain accessible and functional.

Web security aims to achieve all three.

Common Web Threats

Understanding threats helps us understand protection.

Injection Attacks

Attackers supply input that an interpreter on the server (a SQL database, an operating system shell, an LDAP directory) treats as part of a command rather than as plain data.

Cross-Site Scripting (XSS)

Attackers inject scripts into web pages viewed by other users.

Cross-Site Request Forgery (CSRF)

Attackers trick a logged-in user's browser into sending requests the user never intended, such as a form submission that changes their password or transfers money.

Session Hijacking

Attackers steal session cookies to impersonate users.

Man-In-The-Middle (MITM)

Attackers intercept communication between user and server.

Example Of An Injection Vulnerability

Imagine a login system that directly inserts user input into a database query.

Unsafe example:

username = input("Enter username: ")
password = input("Enter password: ")

query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"
print(query)

If the user types ' OR '1'='1 into the password field, the query becomes

SELECT * FROM users WHERE username = 'alice' AND password = '' OR '1'='1'

which is true for every row, so the login succeeds without the real password.

This is dangerous because the input is concatenated straight into the SQL text: the database cannot tell the user's data from the query's own quotes and keywords. Input validation helps, but it is not the fix for this problem; the fix is to keep data and code separate.

Secure Coding Practice Example

Safer version using parameterized queries (conceptual example):

username = input("Enter username: ")
password = input("Enter password: ")

query = "SELECT * FROM users WHERE username = ? AND password = ?"
# the database driver fills the ? placeholders, e.g. cursor.execute(query, (username, password)),
# so the SQL text stays the same no matter what the user typed
print("Using parameterized query:", query)

Parameterized queries prevent user input from being treated as executable code: the values are sent to the database separately from the query text. They protect values only; a table or column name taken from user input must be checked against an allowlist instead.
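To see the difference in practice, the following is an added example (not code from the tutorial) that runs both query styles against an in-memory SQLite database. The table, the single user, the plaintext password and the ' OR '1'='1 input are all constructed for the demonstration; the password is kept in plain text here only so the query shape matches the snippets above, which is not how a real system should store it.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed demo database: one user, plaintext password only for this demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Same string concatenation as the tutorial's unsafe example:
    # the database receives data and SQL mixed together.
    query = ("SELECT * FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders: the SQL text is fixed and the values travel separately,
    # so a quote inside the input can never terminate the string literal.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"   # classic injection: makes the WHERE clause always true
    print("unsafe, wrong password:", login_unsafe(db, "alice", "wrong"))
    print("unsafe, injected:      ", login_unsafe(db, payload, payload))
    print("safe, injected:        ", login_safe(db, payload, payload))
    print("safe, real password:   ", login_safe(db, "alice", "correct horse battery staple"))
```

The injected payload logs in through the concatenated query with no valid credentials at all, while the parameterized query simply looks for a user literally named ' OR '1'='1 and finds none.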

Importance Of HTTPS

Websites must use HTTPS instead of HTTP.

HTTPS:

  • Encrypts data
  • Protects login credentials
  • Prevents eavesdropping
  • Verifies server identity

Without HTTPS, data travels in plaintext, and anyone on the network path (a public Wi-Fi operator, an ISP, a compromised router) can read or modify it.

Authentication And Authorization

Authentication

Verifies who the user is.

Example:

Logging in with username and password.

Authorization

Determines what the user is allowed to do.

Example:

Admin can delete users.

Regular user cannot.

Both are essential for security.

Password Security

Weak passwords are a major security risk.

Best practices:

  • Minimum 12 characters; a long passphrase beats a short string of symbols
  • Mix letters, numbers and symbols
  • Do not reuse passwords across sites
  • On the server, store only a salted, slow hash of each password, never the password itself

Example of salted, slow password hashing (conceptual):

import hashlib
import os

password = "my_secure_password"
salt = os.urandom(16)  # random salt, unique per password, stored next to the hash

# PBKDF2 is deliberately slow; a single unsalted SHA-256 is far too fast for passwords
hashed_password = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

print(salt.hex(), hashed_password.hex())

Hashing ensures the server never stores the password itself: at login it hashes what the user submits with the stored salt and compares the result. The function must be a slow, salted one built for passwords (PBKDF2, bcrypt, scrypt or Argon2). A plain SHA-256 over the password is not enough, because equal passwords give equal hashes and an attacker can test billions of SHA-256 guesses per second against a stolen database.
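As an added example (not the tutorial's code), here is a complete hash-and-verify pair using PBKDF2-HMAC-SHA256 from the standard library. The record format algorithm$iterations$salt$hash and the iteration count are assumptions for this example; the properties that matter are a random per-password salt, a deliberately slow function, parameters stored with the hash so they can be raised later, and a constant-time comparison at verification.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; tune ITERATIONS so one hash costs tens of
# milliseconds on your hardware.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES)   # unique random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and parameters and compare."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison: a plain == returns early at the first differing
    # byte, which leaks how much of the guess was right.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = hash_password("my_secure_password")
    print(record)
    print(verify_password("my_secure_password", record))   # True
    print(verify_password("my_secure_passw0rd", record))   # False
    # Hashing the same password again gives a different record because the salt differs.
    print(hash_password("my_secure_password") == record)   # False
```

Storing the algorithm and iteration count inside the record lets you raise the cost later and re-hash users transparently at their next successful login.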

Session Management

After login, servers create a session.

The session is usually stored in a cookie.

Example cookie:

Set-Cookie: session_id=abc123; HttpOnly; Secure; SameSite=Lax

Here abc123 is only a placeholder: a real session ID must be long and produced by a cryptographically secure random generator so it cannot be guessed or enumerated.

Best practices:

  • Use the HttpOnly flag so JavaScript cannot read the cookie
  • Use the Secure flag so the cookie is only sent over HTTPS
  • Set SameSite (Lax or Strict) so the cookie is not sent on cross-site requests, which limits CSRF
  • Regenerate the session ID after login to prevent session fixation
  • Expire sessions after inactivity
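The following is an added example, not the tutorial's code, of a minimal server-side session store that applies those practices: unguessable IDs, regeneration at login, inactivity expiry and a cookie carrying the HttpOnly, Secure and SameSite attributes. The store design, the 15-minute idle timeout and the injectable clock are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60   # seconds of inactivity before a session dies (assumed value)


@dataclass
class Session:
    user: Optional[str] = None   # None until login succeeds
    last_seen: float = 0.0


class SessionStore:
    """In-memory server-side session store (assumed design for this example)."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Session] = {}
        self._now = now   # injectable clock, handy for testing expiry

    def create(self) -> str:
        # 32 bytes from the OS CSPRNG: an ID that cannot be guessed or enumerated,
        # unlike a counter or the placeholder "abc123" in the tutorial.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(last_seen=self._now())
        return sid

    def get(self, sid: str) -> Optional[Session]:
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self._now() - session.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]   # expired through inactivity
            return None
        session.last_seen = self._now()   # sliding expiry on each use
        return session

    def login(self, old_sid: str, user: str) -> str:
        # Issue a fresh ID at login: an ID an attacker planted or observed before
        # authentication (session fixation) must not turn into a logged-in session.
        self._sessions.pop(old_sid, None)
        new_sid = self.create()
        self._sessions[new_sid].user = user
        return new_sid

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    # HttpOnly: JavaScript cannot read it (limits theft via XSS).
    # Secure: sent only over HTTPS. SameSite=Lax: not sent on cross-site POSTs (CSRF).
    return f"Set-Cookie: session_id={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create()             # pre-login session, e.g. a shopping cart
    sid = store.login(anon, "alice")  # new ID issued after authentication
    print(set_cookie_header(sid))
    print(store.get(anon))            # None: the old ID no longer works
    print(store.get(sid).user)        # alice
```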

Input Validation

All user input must be validated.

Example of simple input validation:

age = input("Enter age: ").strip()

# str.isdigit() also accepts non-ASCII digits such as "²", which int() rejects,
# and says nothing about range, so check both
if age.isascii() and age.isdigit() and 0 < int(age) < 150:
    print("Valid age")
else:
    print("Invalid input")

Never trust user input.

Validate on the server. Client-side validation only improves the user experience, because an attacker can bypass the browser entirely and send any request they like.
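Added example (not from the tutorial) of server-side validation for a small sign-up form, going beyond the single age check above: every field has an allowlist rule stating exactly what is acceptable rather than a blocklist of "dangerous" characters. The field names and rules are assumptions for the example.

```python
import re
from typing import Dict, List

# Allowlist rules (assumed for this example).
USERNAME_RE = re.compile(r"[a-z0-9_]{3,20}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")   # simple shape check, not full RFC 5322


def validate_signup(form: Dict[str, str]) -> List[str]:
    """Return the list of validation errors; an empty list means every field passed."""
    errors: List[str] = []

    username = form.get("username", "")
    if not USERNAME_RE.fullmatch(username):
        errors.append("username: 3-20 lowercase letters, digits or underscores")

    email = form.get("email", "")
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors.append("email: not a valid address")

    age = form.get("age", "")
    # str.isdigit() alone accepts Unicode digits such as "²" (which int() rejects)
    # and says nothing about range, so require ASCII digits and a sensible range.
    if not (age.isascii() and age.isdigit() and 13 <= int(age) <= 120):
        errors.append("age: must be a whole number between 13 and 120")

    name = form.get("display_name", "")
    # Free text: bound the length and reject control characters. Whatever passes
    # must still be output-encoded when rendered; validation does not replace that.
    if not (1 <= len(name) <= 40 and all(ch.isprintable() for ch in name)):
        errors.append("display_name: 1-40 printable characters")

    return errors


if __name__ == "__main__":
    good = {"username": "alice_01", "email": "alice@example.com",
            "age": "30", "display_name": "Alice"}
    bad = {"username": "' OR 1=1 --", "email": "not-an-address",
           "age": "²", "display_name": "x\x00y"}
    print(validate_signup(good))   # []
    for err in validate_signup(bad):
        print(err)
```

Validation decides whether the input is acceptable at all; protecting the database is the job of parameterized queries and protecting the page is the job of output encoding, so a name that passes here is still encoded before it is rendered.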

Security Headers

Web servers can send special headers to improve security.

Examples:

Content-Security-Policy

Restricts where scripts, styles and other resources may be loaded from, which limits what an injected script can do.

X-Frame-Options

Prevents other sites from embedding the page in a frame (clickjacking). The CSP directive frame-ancestors is the modern equivalent.

Strict-Transport-Security

Tells the browser to use only HTTPS for this site for the given period, even if the user types http://.

Example:

Content-Security-Policy: default-src 'self'
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000
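Added example, not the tutorial's code: a small audit function that takes a response's headers and reports missing or weak settings, including two weaknesses that a header's mere presence hides (a CSP that allows 'unsafe-inline', an HSTS max-age that is too short). It also checks X-Content-Type-Options, which the tutorial does not list; the one-year HSTS threshold is an assumption.

```python
import re
from typing import Dict, List

HSTS_MIN_AGE = 31536000   # one year; assumed minimum for this audit


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings for missing or weak security headers.

    Header names are matched case-insensitively, as HTTP requires.
    """
    h = {name.lower(): value for name, value in headers.items()}
    findings: List[str] = []

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("Content-Security-Policy missing")
    else:
        directives = {d.strip().split()[0] for d in csp.split(";") if d.strip()}
        if not directives & {"default-src", "script-src"}:
            findings.append("CSP sets neither default-src nor script-src, so script loading is unrestricted")
        if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
            findings.append("CSP allows 'unsafe-inline'/'unsafe-eval', which undoes most of its XSS protection")

    # Either mechanism stops other origins from framing the page (clickjacking).
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection: set X-Frame-Options or CSP frame-ancestors")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    else:
        max_age = re.search(r"max-age=(\d+)", hsts)
        if max_age is None or int(max_age.group(1)) < HSTS_MIN_AGE:
            findings.append("HSTS max-age is below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS does not cover subdomains (add includeSubDomains)")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing (browsers may sniff content types)")

    return findings


if __name__ == "__main__":
    # Constructed header sets: the tutorial's example and a weaker variant.
    tutorial = {"Content-Security-Policy": "default-src 'self'",
                "X-Frame-Options": "DENY",
                "Strict-Transport-Security": "max-age=31536000"}
    weak = {"Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
            "Strict-Transport-Security": "max-age=300"}
    for label, hdrs in (("tutorial", tutorial), ("weak", weak)):
        print(label, audit_security_headers(hdrs))
```

Run against the tutorial's own example, the audit reports two findings: the HSTS header does not include subdomains and X-Content-Type-Options is absent. Presence of a header is necessary but not sufficient; its value has to be checked too.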

Regular Updates And Patch Management

Many attacks target outdated software.

Best practices:

  • Update frameworks
  • Update plugins
  • Update server software
  • Apply security patches

Unpatched systems are vulnerable systems.

Principle Of Least Privilege

Users and applications should only have the permissions they need.

Example:

  • A normal user should not have admin rights.
  • A web app should not have full database access unless necessary.

Limiting privileges reduces damage if compromised.
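Added example (not the tutorial's code) of the database point: the setup step gets a full read/write connection, while the web application's own connection is opened read-only, so a DELETE that slips in through a bug or an injection fails instead of wiping the table. SQLite's mode=ro URI option stands in for the SELECT-only database role you would grant on a server database; the file location and schema are constructed for the example.

```python
import sqlite3
import tempfile
from pathlib import Path
from typing import List


def create_database(path: Path) -> None:
    """Privileged setup step (schema migration, admin tooling): full read/write access."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute("INSERT INTO users (name) VALUES ('alice'), ('bob')")
    conn.commit()
    conn.close()


def open_for_app(path: Path) -> sqlite3.Connection:
    """The application's own connection: read-only, because that is all this feature needs.

    SQLite honours mode=ro in a file: URI. With a server database the equivalent is a
    dedicated role granted only SELECT on the tables the application uses.
    """
    return sqlite3.connect(f"{path.as_uri()}?mode=ro", uri=True)


def list_users(conn: sqlite3.Connection) -> List[str]:
    return [row[0] for row in conn.execute("SELECT name FROM users ORDER BY id")]


def try_delete_all(conn: sqlite3.Connection) -> str:
    """Simulate an injected or buggy DELETE; under least privilege it fails instead of wiping data."""
    try:
        conn.execute("DELETE FROM users")
        conn.commit()
        return "deleted"
    except sqlite3.OperationalError as exc:
        return f"blocked: {exc}"


def demo() -> str:
    path = Path(tempfile.mkdtemp()) / "app.db"   # constructed temporary database
    create_database(path)
    app_conn = open_for_app(path)
    result = try_delete_all(app_conn)
    survivors = list_users(app_conn)
    app_conn.close()
    return f"{result}; remaining users: {survivors}"


if __name__ == "__main__":
    print(demo())
```

The same idea applies to every other privilege the application holds: the file system paths it can write, the network destinations it can reach, the cloud credentials it carries.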

Logging And Monitoring

Security is not only prevention.

It also includes detection.

Monitor:

  • Failed login attempts
  • Unusual traffic spikes
  • Suspicious file uploads

Logs help identify and respond to attacks.
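Added example, not the tutorial's code, of detection logic run over constructed log lines: it counts failed logins per source IP inside a sliding time window and raises one alert per IP that crosses the threshold, also noting how many different accounts were tried, since one address cycling through many usernames (password spraying) is invisible to a per-account lockout. The log format, threshold and window are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed sample log in an assumed format:
# "<ISO-8601 time> login <ok|fail> user=<name> ip=<address>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 login fail user=alice ip=203.0.113.7
2024-05-01T10:00:03 login fail user=alice ip=203.0.113.7
2024-05-01T10:00:04 login fail user=bob ip=203.0.113.7
2024-05-01T10:00:06 login fail user=carol ip=203.0.113.7
2024-05-01T10:00:08 login fail user=dave ip=203.0.113.7
2024-05-01T10:00:09 login ok user=dave ip=203.0.113.7
2024-05-01T10:00:15 login fail user=erin ip=198.51.100.2
this line is not a login event and is ignored
2024-05-01T10:20:00 login fail user=erin ip=198.51.100.2
"""

LINE_RE = re.compile(r"^(\S+) login (ok|fail) user=(\S+) ip=(\S+)$")


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Alert once per source IP that reaches `threshold` failed logins inside `window`."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerts: List[Dict] = []
    alerted = set()

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue                          # not a login event
        ts, outcome, user, ip = m.groups()
        if outcome != "fail":
            continue
        t = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((t, user))
        while q and t - q[0][0] > window:     # slide the window forward
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "ip": ip,
                "failures": len(q),
                "distinct_users": len({u for _, u in q}),
                "first": q[0][0].isoformat(),
                "last": t.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the sample, 203.0.113.7 triggers an alert after its fifth failure in seven seconds across four accounts, while 198.51.100.2's two failures twenty minutes apart never accumulate inside the window. A real deployment would feed alerts into rate limiting or a ticketing system and tune the threshold to the site's normal failure rate.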

Defense In Depth

Web security should use multiple layers:

  • HTTPS
  • Secure coding
  • Firewalls
  • Authentication controls
  • Monitoring
  • Backups

No single control is enough.

Layered security reduces risk.
