
IDENTITY AND DATA SECURITY FOR WEB DEVELOPMENT. BEST PRACTICES
Author: LEBLANC, J
Publisher: O'REILLY
Year of publication: 2016
Subject: SECURITY AND CRYPTOGRAPHY
ISBN: 978-1-4919-3701-3
Pages: 204
Price: 39,95 €

 

Synopsis

Developers, designers, engineers, and creators can no longer afford to pass responsibility for identity and data security onto others. Web developers who don't understand how to obscure data in transmission, for instance, can open security flaws on a site without realizing it. With this practical guide, you'll learn how and why everyone working on a system needs to ensure that users and data are protected.

Authors Jonathan LeBlanc and Tim Messerschmidt provide a deep dive into the concepts, technology, and programming methodologies necessary to build a secure interface for data and identity, without compromising usability. You'll learn how to plug holes in existing systems, protect against viable attack vectors, and work in environments that sometimes are naturally insecure.

Understand the state of web and application security today
Design secure password encryption, and combat password attack vectors
Create digital fingerprints to identify users through browser, device, and paired device detection
Build secure data transmission systems through OAuth and OpenID Connect
Use alternate methods of identification for a second factor of authentication
Harden your web applications against attack
Create a secure data transmission system using SSL/TLS, and synchronous and asynchronous cryptography



Chapter 1: Introduction
The Problems with Current Security Models
The Weakest Link: Human Beings
Understanding Entropy in Password Security
Breaking Down System Usage of a Username and Password
Securing Our Current Standards for Identity
What Data Should Be Protected?
Next Up
Chapter 2: Password Encryption, Hashing, and Salting
Data at Rest Versus Data in Motion
Password Attack Vectors
Salting
Peppering
Choosing the Right Password Hashing Function
Key Stretching
Recomputing Hashes
Next Steps
Chapter 3: Identity Security Fundamentals
Understanding Various Identity Types
Enhancing User Experience by Utilizing Identity
Introducing Trust Zones
Browser Fingerprinting
Location-Based Tracking
Device Fingerprinting (Phone/Tablet)
Device Fingerprinting (Bluetooth Paired Devices)
Implementing Identity
Chapter 4: Securing the Login with OAuth 2 and OpenID Connect
The Difference Between Authentication and Authorization
What Are OAuth and OpenID Connect?
Security Considerations Between OAuth 2 and OAuth 1.0a
Building an OAuth 2.0 Server
Creating the Express Application
Setting Up Our Server's Database
Adding OpenID Connect Functionality to the Server
Building an OAuth 2 Client
Adding OpenID Connect Functionality to the Client
Beyond OAuth 2.0 and OpenID Connect
Chapter 5: Alternate Methods of Identification
Device and Browser Fingerprinting
Two-Factor Authentication and n-Factor Authentication
Biometrics as Username Instead of Password
How to Rate Biometric Effectiveness
Upcoming Standards
Chapter 6: Hardening Web Applications
Securing Sessions
Handling XSS
CSRF Attacks
Valuable Resources for Node
Other Mitigation Techniques
Our Findings
Chapter 7: Data Transmission Security
SSL/TLS
Asynchronous Cryptography
Synchronous Cryptography
Appendix: GitHub Repositories
Appendix: Technical Preconditions and Requirements
On ES6/ES2015
Setting Up Your Node.js Environment
Managing Node Versions or Alternative Installations
Installing the Express Generator
Setting Up Express
Creating and Maintaining Your package.json File
Application Configuration
Working with JSON/URL-Encoded Bodies in Express