Introduction
No matter what you develop, application security, infrastructure security, and having proper authorization and authentication mechanisms are critical. The earlier you learn about them in your development career, the better. In addition, you should keep an eye on the latest public vulnerabilities and exploits to harden your apps and infrastructure.
Without adequately securing your apps and hardening the infrastructure that your apps are running on, you risk having vulnerabilities that will be exploited within a few minutes, if not seconds, as soon as your app is publicly available.
Here, you’ll find some bedtime reading to help you dive into the security rabbit hole.
Security Fundamentals
Books To Read
- Container Security: Fundamental Technology Concepts That Protect Containerized Applications
- The Tangled Web: A Guide to Securing Web Applications
Authentication Schemes
- HTTP Authentication
- HTTP Security Auth Schemes
- SAML
- Introduction to JSON Web Tokens
- An Introduction to OAuth 2
- OpenID Connect
- Swagger Authentication
Common Vulnerabilities
Checklists and Best Practices
- Single Page Web Application Security Cheat Sheet
- OWASP Top Ten
- OWASP Authentication Cheat Sheet
- OWASP Session Management Cheat Sheet
- HTTP Authentication Cheat Sheet
- Session Management Cheat Sheet
- How to Create Bulletproof Sessions
Conclusion
Security, authentication, authorization, and identity federation are vast subjects. This article provided you with some links and pointers that you might want to read to drill down further; however, it’s by no means a definitive list. That said, after consuming the material here, you’ll have adequate knowledge to do your research and build upon what you have learned here.
Have Something to Share?
If you have comments, suggestions, and resources to share, just email me at me@volkan.io, and I will update this page.
That’s all for now. I’ll update this page and add more to the list as I see more tools, resources, and techniques.
Until next time… May the source be with you 🦄.
