Cybersecurity Basics

Last updated: 2025-09-25 02:29:54

Essential Cybersecurity Concepts

Understanding security fundamentals is crucial for any developer.

Common Attack Vectors

• SQL Injection: Malicious SQL code injection
• XSS (Cross-Site Scripting): Malicious script execution
• CSRF (Cross-Site Request Forgery): Unauthorized actions
• Man-in-the-Middle: Intercepting communications

Input Validation (PHP)

<?php
// Sanitize input
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    die('Invalid email format');
}

// Escape output
$name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
echo "Hello, " . $name;

// Prepared statements
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = ?');
$stmt->execute([$email]);
?>

Password Security

<?php
// Hash password
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);

// Verify password
if (password_verify($_POST['password'], $stored_hash)) {
    // Login successful
}

// Generate secure random token
$token = bin2hex(random_bytes(32));
?>

HTTPS and SSL/TLS

// Force HTTPS redirect
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
    $redirect_url = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('Location: ' . $redirect_url, true, 301);
    exit;
}

// Security headers
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');