Introduction: User Authentication & Authorization in Express
Get an introduction to what you will learn about implementing user authentication and authorization in an Express application.
Key Concepts
Review core concepts you need to learn to master this subject
Security Principle: CIA Triad
CIA Triad: Confidentiality
CIA Triad: Integrity
CIA Triad: Availability
Web Development & Security
Web Attacks & Damages
Cybersecurity: Part of the Development Process
OWASP Top Ten
Security Principle: CIA Triad
One of the most important security principles is the CIA triad, which stands for Confidentiality, Integrity, and Availability: data should be readable only by those authorized to read it, should not be altered without authorization, and should be accessible when legitimate users need it.
OWASP Top 10
1. The OWASP Top Ten is a project maintained by the Open Web Application Security Project (OWASP, renamed the Open Worldwide Application Security Project in 2023). OWASP is a respected authority in the field of web security…
3. The owners of the website made an effort to secure it, but security is only as strong as its weakest link. In this case, the weakest link was a “temporary” admin account that was created for use on…
4. When data breaches happen, that’s not the end of the story. The stolen information gets sold and resold on the dark web, often ending up in sets of personal information known as fullz. Fullz cont…
5. Computers take things very literally; give them an instruction and they’ll follow it exactly, even when it’s not actually what you wanted. Servers are computers that have been instructed to respond…
6. We know not to trust user input, but the website doesn’t necessarily know not to trust user input. The webpages themselves were made securely, but none of the engineers ever bothered to ask “Isn’t …
7. All the security software in the world won’t protect you if it isn’t properly configured. When the attacker started trying injection attacks, the alarms remained silent. When the attacker opened a …
8. When a malicious hacker found a cross-site scripting vulnerability in a popular social media platform, they couldn’t pass up the opportunity: they crafted a self-sharing post that would rapidly spr…
9. If there’s only one thing you take away from this lesson, let it be “Don’t trust user input”, especially if that user input will interact directly with your server. Serialization is the process of…
10. When it comes to vulnerabilities, the unknown is scary, but sometimes it’s the known you have to worry about. If an attacker wants to attack you with a new vulnerability, the attacker first has to …
11. In security, knowledge is power. Knowing what’s going on within a system is important for detecting, preventing, and responding to attacks. Early detection can mean the difference between an incide…