commit 15f7c003492c17cb242fcde2a33307c8261f99be Author: Elias F. Date: Mon Nov 10 14:24:47 2025 +0000 Created README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..d6518cb --- /dev/null +++ b/README.md 
@@ -0,0 +1,106 @@ + +# Web Development Essentials + +Quick reference for modern web development: client-server architecture, setup, and security. + +--- + +## 🌐 Client-Server + +### HTTP Cycle +1. **Request**: Browser → server (GET, POST, PUT, DELETE, PATCH; headers; body) +2. **Processing**: Routing, logic, DB operations +3. **Response**: Status codes (2xx, 4xx, 5xx), headers, body (HTML/JSON/assets) + +### Network Layers + +``` + +App: HTTP/HTTPS, REST, GraphQL +Transport: TCP/UDP, WebSockets +Internet: IP routing, DNS +Link: Ethernet, WiFi, 5G + +``` + +### Web Servers +* **Nginx** – high performance, reverse proxy, load balancing +* **Apache** – flexible, mature +* **Caddy** – auto HTTPS +* **Cloudflare Workers** – edge/serverless + +--- + +## 🛠️ Dev Environment + +### Stack +* **Runtime**: Node.js 18+, PHP 8.1+, Python 3.11+, Docker/Podman +* **Web Server**: Nginx, Apache, Caddy +* **DB**: PostgreSQL 15+, MySQL 8+/MariaDB 10.8+, Redis, MongoDB +* **Tools**: IDEs (VS Code, Zed), extensions (languages, Docker, Git, DB) + +### Setup +**Docker:** + +```yaml +version: '3.8' +services: + +app: { build: ., ports: ['8080:80'] } +db: { image: postgres:15, environment: { POSTGRES_DB: myapp } } + +redis: { image: redis:7-alpine } +``` + +**Managed Services:** Vercel, Netlify, Heroku, Render, AWS, Azure, GCP +**Local:** `brew/apt install nginx postgresql redis` + +--- + +## ⚠️ Security Risks +1. **Phishing** – fake sites; prevent with HTTPS & verification +2. **Data Theft** – unauthorized access; prevent with encryption & access control +3. **SQL Injection** – malicious input; prevent with prepared statements +4. **XSS** – script injection; prevent with output encoding +5. **Session Hijacking** – stolen sessions; prevent with secure cookies & HTTPS +6. **DoS/DDoS** – overload server +7. **CSRF** – trick users; prevent with CSRF tokens +8. 
**File Inclusion** – LFI/RFI attacks + +--- + +## 🛡️ Protection +**Encryption:** HTTPS/TLS, data-at-rest encryption +**Auth:** MFA, strong passwords, RBAC +**Validation:** Input validation, prepared statements, output encoding +**Sessions:** HTTP-only, Secure cookies, session regeneration +**Headers:** CSP, X-Frame-Options, X-XSS-Protection, HSTS +**Monitoring:** Logging, audits, intrusion detection +**Updates:** Software patching, dependency management +**Prepared Statement Example:** +```php +$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?"); +$stmt->execute([$email]); +$user = $stmt->fetch(); +``` + +--- + +## ✅ Best Practices +* Validate & sanitize input +* Use prepared statements +* Enforce HTTPS +* Strong auth (MFA, secure passwords) +* Security headers +* Keep software updated +* Monitor & log activity +* Least privilege +* Regular audits & pentests +* Backup & recovery +--- + +## 📚 Resources +* [OWASP Top 10](https://owasp.org/www-project-top-ten/) +* [PHP Security](https://www.php.net/manual/en/security.php) +* [Mozilla Web Security](https://infosec.mozilla.org/guidelines/web_security) +* [CWE](https://cwe.mitre.org/)
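Review bot: the Compose snippet under "Setup" is mis-indented, so `app`, `db` and `redis` become top-level keys beside an empty `services:` block and `docker compose up` will reject the file; indent the three service lines two spaces under `services:` (the `version: '3.8'` key is ignored by Compose v2 and can be dropped). Two smaller points in the same hunk: under "Headers", `X-XSS-Protection` is deprecated and no longer honoured by current browsers, so the list should rely on CSP instead (keep `X-Frame-Options`, or replace it with a CSP `frame-ancestors` directive); and items 6 (DoS/DDoS) and 8 (File Inclusion) in "Security Risks" are the only entries without a "prevent with" clause, so add one for consistency (rate limiting and a CDN/WAF in front of the origin for DoS; allowlisted include paths and never passing user input to `include`/`require` for LFI/RFI).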