Cybersecurity Fundamentals

Lesson 7 of 9Grades 9–12

Security is not an optional feature — it is a fundamental engineering discipline. Every application you build will face adversaries. Understanding how attacks work is the first step to defending against them.

Key Concepts

The CIA Triad

Security goals are: Confidentiality (data only accessible to authorized parties), Integrity (data not tampered with), Availability (system accessible when needed). Every security measure protects one or more of these. Encryption protects confidentiality. Checksums protect integrity. Redundancy protects availability.

Common Attacks

SQL Injection: inserting SQL code through user input to manipulate the database. XSS (Cross-Site Scripting): injecting JavaScript into pages to run in other users' browsers. CSRF: tricking a logged-in user's browser into making unauthorized requests. Buffer overflow: writing past the end of a buffer to overwrite memory. Understanding attacks helps you prevent them.

Defense in Depth

No single defense is perfect. Layer them: validate all inputs, use prepared statements, sanitize output, enforce least privilege (users only get the access they need), keep software updated, use HTTPS everywhere, log and monitor. Assume breach — detect and respond quickly when defenses fail.

🆕 SQL Injection Demo

See how SQL injection works — and how prepared statements stop it.

❌ Vulnerable Code

        $q = "SELECT * FROM users
WHERE user='" + $_POST['user'] + "'";

        // User input goes directly into SQL!
      

✅ Safe Code

        $stmt = $pdo->prepare(

         "SELECT * FROM users

         WHERE user = ?");

        $stmt->execute([$_POST['user']]);

Try these attack inputs in the vulnerable login:

✅ Check Your Understanding

1. What does the CIA triad stand for in security?

2. What does SQL injection do?

3. What is 'defense in depth'?