In revision.

Section 07 of 10

Security & Crypto

HMAC, VAPID, JWT, OAuth, TLS - so the VAPID inversion never happens again.

  1. 7.1

    Public/private key crypto

    Crisp →Deep dive →
  2. 7.2

    HMAC signatures

    Crisp →Deep dive →
  3. 7.3

    VAPID and web push (the Spur mistake)

    Crisp →Deep dive →
  4. 7.4

    JWT tokens

    Crisp →Deep dive →
  5. 7.5

    OAuth 2 flows

    Crisp →Deep dive →
  6. 7.6

    TLS deep dive

    Crisp →Deep dive →
  7. 7.7

    CSRF, XSS, SSRF

    Crisp →Deep dive →
  8. 7.8

    OWASP top 10

    Crisp →Deep dive →
  9. 7.9

    Webhook signature verification

    Crisp →Deep dive →
  10. 7.10

    Secrets management

    Crisp →Deep dive →