Table of Contents

  1. Chapter 1 Introduction

    1. The Problems with Current Security Models

    2. The Weakest Link: Human Beings

    3. Understanding Entropy in Password Security

    4. Breaking Down System Usage of a Username and Password

    5. Securing Our Current Standards for Identity

    6. What Data Should Be Protected?

    7. Next Up

  2. Chapter 2 Password Encryption, Hashing, and Salting

    1. Data at Rest Versus Data in Motion

    2. Password Attack Vectors

    3. Salting

    4. Peppering

    5. Choosing the Right Password Hashing Function

    6. Key Stretching

    7. Recomputing Hashes

    8. Next Steps

  3. Chapter 3 Identity Security Fundamentals

    1. Understanding Various Identity Types

    2. Enhancing User Experience by Utilizing Identity

    3. Introducing Trust Zones

    4. Browser Fingerprinting

    5. Location-Based Tracking

    6. Device Fingerprinting (Phone/Tablet)

    7. Device Fingerprinting (Bluetooth Paired Devices)

    8. Implementing Identity

  4. Chapter 4 Securing the Login with OAuth 2 and OpenID Connect

    1. The Difference Between Authentication and Authorization

    2. What Are OAuth and OpenID Connect?

    3. Security Considerations Between OAuth 2 and OAuth 1.0a

    4. Building an OAuth 2.0 Server

    5. Creating the Express Application

    6. Setting Up Our Server’s Database

    7. Adding OpenID Connect Functionality to the Server

    8. Building an OAuth 2 Client

    9. Adding OpenID Connect Functionality to the Client

    10. Beyond OAuth 2.0 and OpenID Connect

  5. Chapter 5 Alternate Methods of Identification

    1. Device and Browser Fingerprinting

    2. Two-Factor Authentication and n-Factor Authentication

    3. Biometrics as Username Instead of Password

    4. How to Rate Biometric Effectiveness

    5. Upcoming Standards

  6. Chapter 6 Hardening Web Applications

    1. Securing Sessions

    2. Handling XSS

    3. CSRF Attacks

    4. Valuable Resources for Node

    5. Other Mitigation Techniques

    6. Our Findings

  7. Chapter 7 Data Transmission Security

    1. SSL/TLS

    2. Asynchronous Cryptography

    3. Synchronous Cryptography

  8. Appendix GitHub Repositories

  9. Appendix Technical Preconditions and Requirements

    1. On ES6/ES2015

    2. Setting Up Your Node.js Environment

    3. Managing Node Versions or Alternative Installations

    4. Installing the Express Generator

    5. Setting Up Express

    6. Creating and Maintaining Your package.json File

    7. Application Configuration

    8. Working with JSON/URL-Encoded Bodies in Express