🎯 Learning Objectives
- Understand the fundamental concepts of cybersecurity
- Learn how the Internet works at a basic level
- Recognize the difference between HTTP and HTTPS
- Identify common cybersecurity threats
- Apply basic security best practices
Cybersecurity is the practice of protecting computer systems, networks, and data from unauthorized access, attacks, theft, and damage. It encompasses a wide range of technologies, processes, and practices designed to safeguard digital assets.
Confidentiality: Ensuring that information is accessible only to those authorized to access it. Protects sensitive data from unauthorized disclosure.
Integrity: Maintaining the accuracy and consistency of data. Ensures information has not been altered or tampered with.
Availability: Ensuring that authorized users have access to information and resources when needed.
The Internet is a global network of interconnected computers that communicate using standardized protocols. Understanding this foundation is crucial for cybersecurity.
Your computer contacts a DNS (Domain Name System) server to translate the human-readable domain name (example.com) into an IP address (like 93.184.216.34).
# Example DNS lookup
nslookup example.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Name: example.com
Address: 93.184.216.34
Your computer establishes a TCP (Transmission Control Protocol) connection with the target server using a three-way handshake:
SYN → (Client sends connection request)
SYN-ACK → (Server acknowledges)
ACK → (Client confirms)
→ Connection established!
Your browser sends an HTTP request to the server asking for the webpage content.
GET /index.html HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Accept: text/html
The server sends back the requested content, and your browser renders the webpage for you to see.
Understanding the difference between HTTP and HTTPS is fundamental to web security.
HTTPS uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) certificates to establish secure connections. These certificates are issued by Certificate Authorities (CAs) like Let's Encrypt, DigiCert, or Comodo.
Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to systems.
Phishing: Deceptive attempts to obtain sensitive information by pretending to be a trustworthy entity.
Social engineering: Psychological manipulation to trick people into making security mistakes.
Man-in-the-middle: An attacker secretly intercepts communications between two parties.
import hashlib
import hmac
import secrets

def check_password(password: str, stored_hash: str, salt: str) -> bool:
    """Verify a password against a stored hash."""
    # Recompute the hash with the same salt and iteration count
    password_hash = hashlib.pbkdf2_hmac(
        'sha256',
        password.encode('utf-8'),
        salt.encode('utf-8'),
        100000  # Number of iterations
    )
    # Constant-time comparison avoids leaking how much of the hash matched
    return hmac.compare_digest(password_hash.hex(), stored_hash)

# Example usage
salt = secrets.token_hex(16)  # Random salt, stored alongside the hash
password = "MySecureP@ssw0rd!"
password_hash = hashlib.pbkdf2_hmac(
    'sha256',
    password.encode('utf-8'),
    salt.encode('utf-8'),
    100000
).hex()
print(f"Salt: {salt}")
print(f"Hash: {password_hash}")

import socket
import ssl

def check_https(domain: str) -> dict:
    """Check if a domain supports HTTPS."""
    result = {
        'domain': domain,
        'https_supported': False,
        'ssl_grade': None,  # Holds the negotiated protocol version, e.g. 'TLSv1.3'
        'cipher': None,
        'error': None
    }
    try:
        # Create SSL context (the default context verifies the certificate chain and hostname)
        context = ssl.create_default_context()
        # Connect to the server
        with socket.create_connection((domain, 443), timeout=10) as sock:
            with context.wrap_socket(sock, server_hostname=domain) as ssock:
                result['https_supported'] = True
                result['ssl_grade'] = ssock.version()
                result['cipher'] = ssock.cipher()
    except Exception as e:
        # DNS failures, refused connections, timeouts and certificate errors all land here
        result['error'] = str(e)
    return result

# Check example.com
check = check_https("example.com")
print(check)
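
check_https above reports the negotiated protocol version and cipher, but not the certificate that a Certificate Authority issued for the site. The following is an added example, not code from the original lesson: it summarises a certificate dictionary in the format returned by ssl.SSLSocket.getpeercert(). SAMPLE_CERT, the issuer "Example Trust CA" and the helper names are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by SSLSocket.getpeercert();
# all values (names, dates, the "Example Trust CA" issuer) are made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
}

def name_field(rdns, key):
    """Return the first value of `key` in a subject/issuer name, or None."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def san_matches(pattern: str, host: str) -> bool:
    """Compare a DNS SAN entry with a host; '*' stands only for the whole first label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def cert_time(value: str) -> datetime:
    """Parse a getpeercert() timestamp into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)

def summarize_cert(cert: dict, host: str, now: datetime) -> dict:
    """Report issuer, validity window and hostname coverage (reporting only;
    the TLS handshake with create_default_context() does the real verification)."""
    not_before, not_after = cert_time(cert["notBefore"]), cert_time(cert["notAfter"])
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    return {
        "subject_cn": name_field(cert.get("subject", ()), "commonName"),
        "issuer_org": name_field(cert.get("issuer", ()), "organizationName"),
        "dns_names": sans,
        "days_left": (not_after - now).days,
        "in_validity_window": not_before <= now <= not_after,
        "covers_host": any(san_matches(s, host) for s in sans),
    }

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT, "www.example.com", datetime.now(timezone.utc)))
```

Against a live server, the same function can be given ssock.getpeercert() from inside the wrap_socket block of check_https.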
Create a secure login form with HTML5 security features:
Given the following URLs, identify which are secure and explain why:
- http://bank.example.com/login
- https://mail.google.com/mail/u/0/
- http://192.168.1.1/admin
- https://api.example.com/v1/users
Create a Python script that checks whether a given list of websites supports HTTPS and reports the SSL certificate details.