Created README.md

2025-11-10 14:24:47 +00:00
commit 15f7c00349

README.md (new file, 106 lines)

@@ -0,0 +1,106 @@
# Web Development Essentials
Quick reference for modern web development: client-server architecture, setup, and security.
---
## 🌐 Client-Server
### HTTP Cycle
1. **Request**: Browser → server (GET, POST, PUT, DELETE, PATCH; headers; body)
2. **Processing**: Routing, logic, DB operations
3. **Response**: Status codes (2xx, 4xx, 5xx), headers, body (HTML/JSON/assets)
### Network Layers
```
App: HTTP/HTTPS, REST, GraphQL
Transport: TCP/UDP, WebSockets
Internet: IP routing, DNS
Link: Ethernet, WiFi, 5G
```
### Web Servers
* **Nginx** high performance, reverse proxy, load balancing
* **Apache** flexible, mature
* **Caddy** auto HTTPS
* **Cloudflare Workers** edge/serverless
---
## 🛠️ Dev Environment
### Stack
* **Runtime**: Node.js 18+, PHP 8.1+, Python 3.11+, Docker/Podman
* **Web Server**: Nginx, Apache, Caddy
* **DB**: PostgreSQL 15+, MySQL 8+/MariaDB 10.8+, Redis, MongoDB
* **Tools**: IDEs (VS Code, Zed), extensions (languages, Docker, Git, DB)
### Setup
**Docker:**
```yaml
version: '3.8'
services:
app: { build: ., ports: ['8080:80'] }
db: { image: postgres:15, environment: { POSTGRES_DB: myapp } }
redis: { image: redis:7-alpine }
```
**Managed Services:** Vercel, Netlify, Heroku, Render, AWS, Azure, GCP
**Local:** `brew/apt install nginx postgresql redis`
---
## ⚠️ Security Risks
1. **Phishing** fake sites; prevent with HTTPS & verification
2. **Data Theft** unauthorized access; prevent with encryption & access control
3. **SQL Injection** malicious input; prevent with prepared statements
4. **XSS** script injection; prevent with output encoding
5. **Session Hijacking** stolen sessions; prevent with secure cookies & HTTPS
6. **DoS/DDoS** overload server
7. **CSRF** trick users; prevent with CSRF tokens
8. **File Inclusion** LFI/RFI attacks
---
## 🛡️ Protection
**Encryption:** HTTPS/TLS, data-at-rest encryption
**Auth:** MFA, strong passwords, RBAC
**Validation:** Input validation, prepared statements, output encoding
**Sessions:** HTTP-only, Secure cookies, session regeneration
**Headers:** CSP, X-Frame-Options, X-XSS-Protection, HSTS
**Monitoring:** Logging, audits, intrusion detection
**Updates:** Software patching, dependency management
**Prepared Statement Example:**
```php
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
$stmt->execute([$email]);
$user = $stmt->fetch();
```
---
## ✅ Best Practices
* Validate & sanitize input
* Use prepared statements
* Enforce HTTPS
* Strong auth (MFA, secure passwords)
* Security headers
* Keep software updated
* Monitor & log activity
* Least privilege
* Regular audits & pentests
* Backup & recovery
---
## 📚 Resources
* [OWASP Top 10](https://owasp.org/www-project-top-ten/)
* [PHP Security](https://www.php.net/manual/en/security.php)
* [Mozilla Web Security](https://infosec.mozilla.org/guidelines/web_security)
* [CWE](https://cwe.mitre.org/)
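Review bot: the Docker setup in the hunk will not start as written: the `db` service at `db: { image: postgres:15, environment: { POSTGRES_DB: myapp } }` sets no `POSTGRES_PASSWORD`, and the official postgres image refuses to initialise without it (or an explicit `POSTGRES_HOST_AUTH_METHOD`), so the quick-start fails on first run. Suggest adding `POSTGRES_PASSWORD` read from an env file rather than a literal in the README, and a named volume so the database survives container recreation; `version: '3.8'` is also ignored by Compose v2 and only emits a warning, so it can be dropped. Two documentation points in the same file: `X-XSS-Protection` under Headers is deprecated and no longer honoured by current browsers, so either drop it or mark it legacy and let CSP carry that role; and in Security Risks the DoS/DDoS and File Inclusion entries are the only two without a "prevent with" clause, which the list's own format leads the reader to expect (rate limiting and upstream DDoS protection for the former, never building include paths from user input for the latter). Minor: WebSockets is an application-level protocol carried over TCP, so it belongs on the App line of the Network Layers block rather than Transport.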