Web Security

Web security is the practice of protecting web applications, users, and data from malicious access, misuse, or disruption.

Security failures damage trust, expose sensitive data, and can create legal, financial, and operational harm.

Authentication verifies who a user or system claims to be.

Authorization determines what an authenticated user is allowed to access or do.

It means giving users and systems only the minimum access needed to perform their tasks.

SQL injection is an attack where untrusted input changes a database query in unintended and dangerous ways.

Parameterized queries separate data from query structure so user input is not treated as executable SQL.

XSS is an attack where malicious script is injected into content that other users load in their browser.

Escaping ensures untrusted content is treated as text instead of executable HTML or JavaScript.

CSRF tricks a user's browser into sending a request they did not intend while already authenticated.

They prove that a state-changing request came from the legitimate application flow.

Input validation checks whether incoming data matches expected type, format, and constraints before it is processed.