Week 10

Handling Sensitive Data

Back end Track

Under construction

🚧 This page is currently under construction. Please check back later.

Implementation plan:

  1. What is sensitive data — passwords, PII, tokens, keys
  2. Never store passwords in plain text
  3. Hashing vs encryption — conceptual difference
    1. Hashing: one-way, deterministic, used for passwords
    2. Encryption: reversible with a key, used for data in transit/at rest
  4. bcrypt — why it's recommended for password hashing
  5. Salt and work factor in bcrypt
  6. Implementing password hashing in Java with bcrypt
  7. What not to log (passwords, tokens, PII) — GDPR awareness
  8. Exercise: implement secure password storage

The HackYourFuture curriculum is licensed under CC BY-NC-SA 4.0

*https://hackyourfuture.net/*
