One of the first steps toward being a great web developer is understanding the fundamental principles of information security. Knowing the security basics helps you see the role and importance of security throughout the development lifecycle. It also helps you avoid shipping unnecessarily insecure software, which allows attackers to exploit weaknesses for financial gain or other malicious purposes. Protect yourself and your users from these sorts of problems by gaining practical knowledge of security basics.
The Basic Concepts
These articles are currently being developed. They are intended for anyone to read, regardless of what security knowledge they may have. The articles should be read in sequence, because the articles farther down the list are dependent on concepts presented in earlier articles.
- 1. Confidentiality, Integrity, and Availability
  - Describes the primary security objectives, which are absolutely fundamental to understanding security
- 2. Vulnerabilities
  - Defines the major categories of vulnerabilities and discusses the presence of vulnerabilities in all software
- 3. Threats
  - Briefly introduces major threat concepts
- 4. Security Controls
  - Defines major categories of security controls and discusses their potential disadvantages
- 5. Risk
  - Introduces the basic concepts behind cyber risk
- 6. Encryption and Decryption
  - Explains the fundamentals of the most common types of encryption and decryption
- 7. Digital Signatures
  - Provides a brief introduction to digital signatures
- 8. TCP/IP Security
  - An overview of the TCP/IP model, with a focus on the security considerations for SSL
Applying Basic Concepts
Before reading articles in this section, you should have already read the basic concepts articles or have the equivalent security knowledge.
- Introduction to SSL
  - This article is being rewritten.
- SSL and TLS
  - This article provides a brief introduction to SSL and TLS, and their key exchange algorithms, RSA and ECC.
- Introduction to Public-Key Cryptography
  - This article is being modularized.
For More Information
More advanced articles on web security are available throughout MDN: