Module 10: Cybersecurity & Modern JavaScript (ES6)

Agile Project Management

Agile is a project management approach that values individuals and interactions, working software, customer collaboration, and responding to change. Two common Agile frameworks are:

• Scrum: Uses fixed-length sprints (e.g., 2 weeks), daily stand-ups, a product backlog, sprint planning, and retrospectives. Roles include Scrum Master and Product Owner.
• Kanban: A visual workflow approach using a board with columns (e.g., "To Do", "In Progress", "Done"). Work is pulled through the system without fixed-length sprints.

Scrum emphasizes structured roles and timelines, while Kanban focuses on continuous delivery and limiting work-in-progress.

HTTP vs HTTPS

HTTP (Hypertext Transfer Protocol) is a communication protocol for web requests. It sends data in plaintext, which can be intercepted.

HTTPS is the secure version of HTTP. It uses SSL/TLS encryption to protect data between the browser and server.

• Encrypts sensitive data like passwords and credit cards
• Prevents man-in-the-middle attacks
• Improves trust (browsers show a padlock)

Always use HTTPS when sending login info or handling user data.

How to Securely Send a Request

• Always use https:// in API requests
• Use tokens (JWT, OAuth) to authenticate users
• Set HTTP-only, Secure cookies to prevent JS access
• Enable CORS properly to control allowed origins

// Example: Sending a secure fetch request
fetch("https://api.example.com/data", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer yourTokenHere"
  },
  body: JSON.stringify({ name: "Alex" })
});
    

Preventing Form Spam

To reduce spam and abuse in web forms, consider these protections:

• reCAPTCHA: Use Google's invisible reCAPTCHA to verify humans
• Input validation: Sanitize and validate inputs server-side
• Rate limiting: Limit requests per IP (e.g., 10 per minute)
• CSRF protection: Use tokens to ensure requests are coming from trusted sessions
• Honeypots: Hidden fields that bots fill but users never see

Hashing

Hashing is a one-way transformation of data to a fixed output. It’s used for securely storing passwords and ensuring data integrity.

• SHA-256 is a common secure hashing algorithm
• Hashes are irreversible and unique (ideally)
• Used in digital signatures, password storage, etc.

ES6: Template Literals

Template literals let you embed expressions and span multiple lines using backticks:

ES6: Destructuring

Destructuring lets you unpack values from arrays or objects into variables.

ES6: Spread & Rest

Spread copies values into a new array/object. Rest collects multiple values into one.

ES6: Arrow Functions

Arrow functions are shorter and use the outer this context.

ES6: Closures

Closures let inner functions access variables from the outer scope even after the outer function has finished running.

ES6: Scope Differences

var is function-scoped. let and const are block-scoped. Use const by default.