HTTPS / TLS
beginnerDefinition
The technology that puts the little padlock in your browser's address bar. It scrambles all the traffic between your device and the website, so anyone snooping on the connection, at a coffee shop, on a hotel Wi-Fi, only sees nonsense. It also confirms that the site really is who it claims to be, not an imitation.
In the wild
You log into your bank from an airport Wi-Fi network. Without HTTPS, anyone on the same network could read your username and password as they fly past. With HTTPS, all they see is a stream of unreadable noise. And the padlock in your browser is your reassurance it's working.
More from Security
Content Security Policy (CSP)
A whitelist that a website hands to the browser, saying 'only run code, fonts, and images from these places I trust: refuse anything else.' If an attacker manages to slip a sneaky script onto the page, the browser blocks it because it didn't come from an approved source.
CSRF (Cross-Site Request Forgery)
An attack that abuses the fact that you're already logged into a site. A different, sneaky page tricks your browser into sending a request to that trusted site on your behalf. And the site thinks it's you, because your login is still valid.
DDoS (Distributed Denial of Service)
An attack where a huge crowd of computers all hammer the same website at once, drowning it in fake traffic until real visitors can't get through. The attacker doesn't break in. They just make so much noise that nobody else can be heard.
Encryption vs Hashing
Two ways of protecting data, often confused. Encryption scrambles information with a key: anyone with the key can unscramble it later. Hashing is a one-way blender: it turns the data into a fixed scramble that can never be turned back. Payment details are encrypted (the company needs to read them). Passwords are hashed (nobody, not even the company, should be able to read them).
Input Sanitization
Carefully cleaning anything a visitor types into a website before doing anything with it: stripping out tricks, rejecting weird formats, and making sure the data is what you expected. It's the front-line defense against attackers who try to slip dangerous instructions into ordinary-looking form fields.
Multi-Factor Authentication (MFA)
Logging in with more than just a password. Usually it's something you know (the password) plus something you have (a phone, an authenticator app, a security key) or something you are (your fingerprint or face). Even if a thief steals your password, they can't get in without that second piece.