2025-11-10 14:32:24 +00:00
## 🌐 Client-Server
### HTTP Cycle
1. **Request**: Browser → server (GET, POST, PUT, DELETE, PATCH; headers; body)
2. **Processing**: Routing, logic, DB operations
3. **Response**: Status codes (2xx, 4xx, 5xx), headers, body (HTML/JSON/assets)
### Network Layers
```
App: HTTP/HTTPS, REST, GraphQL
Transport: TCP/UDP, WebSockets
Internet: IP routing, DNS
Link: Ethernet, WiFi, 5G
```
### Web Servers
* **Nginx** high performance, reverse proxy, load balancing
* **Apache** flexible, mature
* **Caddy** auto HTTPS
* **Cloudflare Workers** edge/serverless
---
## 🛠️ Dev Environment
### Stack
* **Runtime**: Node.js 18+, PHP 8.1+, Python 3.11+, Docker/Podman
* **Web Server**: Nginx, Apache, Caddy
* **DB**: PostgreSQL 15+, MySQL 8+/MariaDB 10.8+, Redis, MongoDB
* **Tools**: IDEs (VS Code, Zed), extensions (languages, Docker, Git, DB)
### Setup
**Docker:**
```yaml
version: '3.8'
services:
  app: { build: ., ports: ['8080:80'] }
  # the postgres image refuses to start without POSTGRES_PASSWORD; placeholder value
  db: { image: postgres:15, environment: { POSTGRES_DB: myapp, POSTGRES_PASSWORD: change-me } }
  redis: { image: redis:7-alpine }
```
**Managed Services:** Vercel, Netlify, Heroku, Render, AWS, Azure, GCP
**Local:** `brew/apt install nginx postgresql redis`
---
## ⚠️ Security Risks
1. **Phishing** fake sites that impersonate yours; prevent with HTTPS & verification
2. **Data Theft** unauthorized access to stored data; prevent with encryption & access control
3. **SQL Injection** malicious input reaching queries; prevent with prepared statements
4. **XSS** script injection into pages; prevent with output encoding
5. **Session Hijacking** stolen session identifiers; prevent with secure cookies & HTTPS
6. **DoS/DDoS** traffic floods that overload the server
7. **CSRF** tricks a logged-in user's browser into sending requests; prevent with CSRF tokens
8. **File Inclusion** LFI/RFI attacks via attacker-controlled file paths
---
## 🛡️ Protection
**Encryption:** HTTPS/TLS, data-at-rest encryption
**Auth:** MFA, strong passwords, RBAC
**Validation:** Input validation, prepared statements, output encoding
**Sessions:** HTTP-only, Secure cookies, session regeneration
**Headers:** CSP, X-Frame-Options, X-XSS-Protection, HSTS
**Monitoring:** Logging, audits, intrusion detection
**Updates:** Software patching, dependency management
**Prepared Statement Example:**
```php
// Parameterised query: the email is bound as data, never concatenated into SQL
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
$stmt->execute([$email]);
$user = $stmt->fetch();
```
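A fuller example, added here and not part of the original cheat sheet, that wires several of the protections above (security headers, cookie flags, CSRF token, prepared statement, session regeneration, output encoding) into one PHP login handler; the `$pdo` connection and a `users` table with `id`, `email` and `password_hash` columns are assumed:

```php
<?php
// Added example, not from the original page. Assumes $pdo and a `users`
// table (id, email, password_hash) where password_hash came from password_hash().
declare(strict_types=1);

// Security headers, sent before any output.
header("Content-Security-Policy: default-src 'self'");
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');

// Session cookie: HttpOnly + Secure + SameSite, set before the session starts.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
    'path'     => '/',
]);
session_start();

// CSRF token: one per session, embedded in forms, checked on every POST.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

function login(PDO $pdo, array $post): bool
{
    // Constant-time comparison of the submitted token with the session's token.
    if (!hash_equals($_SESSION['csrf'], (string)($post['csrf'] ?? ''))) {
        return false;
    }
    // Prepared statement: the email is bound as data, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([(string)($post['email'] ?? '')]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks against bcrypt/argon2 hashes produced by password_hash().
    if ($user === false || !password_verify((string)($post['password'] ?? ''), $user['password_hash'])) {
        return false;
    }
    // Regenerating the session ID on login defeats session fixation.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    return true;
}

// Output encoding: escape user-controlled data before echoing it into HTML.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

Render the token into forms as `<input type="hidden" name="csrf" value="<?= e($_SESSION['csrf']) ?>">` and call `login($pdo, $_POST)` on submit.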
---
## ✅ Best Practices
* Validate & sanitize input
* Use prepared statements
* Enforce HTTPS
* Strong auth (MFA, secure passwords)
* Security headers
* Keep software updated
* Monitor & log activity
* Least privilege
* Regular audits & pentests
* Backup & recovery
---
## 📚 Resources
* [OWASP Top 10](https://owasp.org/www-project-top-ten/)
* [PHP Security](https://www.php.net/manual/en/security.php)
* [Mozilla Web Security](https://infosec.mozilla.org/guidelines/web_security)
* [CWE](https://cwe.mitre.org/)