Web Hosting, Security and Modern Web

Web Hosting Types

• Shared hosting — cheap, many sites on one server; ideal for small static sites.
• VPS (Virtual Private Server) — dedicated resources on a virtualized host.
• Dedicated server — entire machine; highest cost.
• Cloud hosting — AWS, Azure, GCP: elastic, pay-as-you-go.
• Managed / PaaS — Heroku, Vercel, Netlify handle ops for you.
• Static hosting + CDN — GitHub Pages, Cloudflare Pages for JAMstack sites.

Domain Registration

A domain name (example.com) is rented through a registrar (GoDaddy, Namecheap, Cloudflare) for one or more years. DNS records in the registrar's control panel map the domain to your web server's IP.

Deployment Basics

1. Register domain, point DNS to server.
2. Upload files (FTP, Git, CI/CD pipeline).
3. Install application runtime (Node, PHP, Python).
4. Configure web server (Nginx/Apache) and SSL certificate.
5. Run database migrations.
6. Smoke-test and monitor.

SSL/TLS Certificates

A certificate proves your site's identity and enables HTTPS. Get a free cert from Let's Encrypt or buy from a commercial CA. Renew automatically with certbot. Modern browsers block or warn on non-HTTPS sites.

Web Security — OWASP Top Ten (abbreviated)

1. Broken Access Control — enforce permissions server-side.
2. Cryptographic Failures — hash passwords, encrypt data in transit.
3. Injection (SQL, command) — use parameterized queries.
4. Insecure Design — threat-model early.
5. Security Misconfiguration — remove defaults, patch.
6. Vulnerable Components — update dependencies.
7. Authentication Failures — rate-limit, MFA.
8. Data Integrity Failures — sign and verify updates.
9. Logging Failures — log and monitor suspicious events.
10. Server-Side Request Forgery (SSRF) — validate outbound URLs.

Common Attacks

• XSS (Cross-Site Scripting): attacker injects JavaScript through unescaped inputs.
• CSRF: attacker tricks a logged-in user's browser into performing actions.
• Clickjacking: overlay hidden UI on top of legitimate site; prevent with X-Frame-Options.
• DoS / DDoS: overwhelm server; use rate limiting and CDN.

Performance

• Use a CDN (Cloudflare, Fastly) for static assets.
• Minify HTML, CSS, JS; compress with gzip/brotli.
• Lazy-load images (loading="lazy").
• Cache aggressively with HTTP headers.
• Optimize database queries and add indexes.

Single Page Applications (SPA)

SPAs load one HTML shell and swap content via JavaScript. Frameworks: React, Vue, Angular, Svelte. Pros: smooth UX, app-like. Cons: initial JS bundle, SEO challenges, complexity.

Progressive Web Apps (PWA)

PWAs use a service worker to cache assets offline and a manifest to be installable on mobile. They combine web reach with app-like experience.

Responsive and Accessible Web

Design should adapt to phones, tablets, and desktops. Use semantic HTML, sufficient color contrast, keyboard navigation, and ARIA attributes so assistive technologies work.

SEO Basics

Help search engines rank your site:

• Descriptive <title> and meta description per page.
• Clean, semantic HTML.
• Fast page loads.
• Canonical URLs.
• Sitemap.xml and robots.txt.
• Quality backlinks and shareable content.

Modern Stacks

• LAMP — Linux + Apache + MySQL + PHP.
• MEAN / MERN — MongoDB + Express + Angular/React + Node.
• JAMstack — JavaScript + APIs + Markup, hosted on CDN.

Summary

Choosing hosting, securing the site with HTTPS, defending against OWASP risks, optimizing performance, and adopting modern patterns like PWAs and SPAs are all parts of delivering a production-grade web application.

Important Questions

1. Compare shared, VPS, dedicated, and cloud hosting.
2. Explain the role of a domain registrar.
3. Describe the steps of deploying a web application.
4. What is an SSL certificate? Why is it important?
5. Explain any five OWASP Top Ten risks.
6. Differentiate XSS, CSRF, and clickjacking.
7. What is a Progressive Web Application?
8. List five SEO best practices.