Security Is Putting Your Users First
2:40 with Kenneth LoveLet's talk about what we mean by security in this course and what we'll cover.
This video doesn't have any notes.
Hi, I'm Kenneth, one of the biggest
challenges we all have as developers,
is making sure that we
keep our users secure.
Most users expect us as the people
making the software they use every day,
to keep them secure in two specific ways,
the data they send to us and
each other shouldn't be snooped on, and the data they
store with us should be read only by us.
We also have one other area we definitely
need to be concerned with, and
that's preventing attacks, or minimizing
any damage done by those attacks.
How many of us have had their email
address or password leaked from an attack?
I bet every single one
of you nodded just then.
Security, as you may or
may not be aware, is a very rapidly
shifting part of our world.
New forms of attacks spring up everyday.
Old best practices are found to be
vulnerable due to advances in hardware And
other developers, and companies,
find better ways to keep information safe.
Since this is such
a rapidly evolving area,
I won't be giving you
specific code to use.
Instead, I'll be sharing effective tools,
approaches, and resources.
You can use these as a jumping off
place for your own research and
implementations in your language or
framework of choice.
Yeah, I know it sounds like
I'm just giving you homework.
But wouldn't you rather do that research
than implement something now and
ignore it for
a year until it's compromised, and
you have to tell your customers that
the passwords have been leaked.
Yeah, I'd rather do the googling too.
To save you some time, though, be sure to
check the teacher's notes in each video,
where I'll be putting links
to resources online and
here at Treehouse to help you on your way.
There are many different attack vectors
that you may need to be worried about.
Especially when dealing
with storing data and
between your users.
The ones we're going to
cover in this course are.
Hashing to keep secrets from everyone and
to verify content.
Encryption to keep sensitive data
locked away from unauthorized eyes.
Identifying and validating users.
What data you should not store and more.
This is a vast topic area.
Security and data security both.
So we can't hope to cover
everything in just one course.
As we go through this course I'll point
out places where other teachers or
myself will cover topics
in greater detail.
Either because they're just too big and
demand a course of their own or because
they're addressed in specific ways in each
language framework Another thing we will
be talking about is risk assessment and
management and reducing your tax services.
Knowing where you're likely to be
attacked is a great first step to
making sure your data and
communications are safe as possible.
One of the roles l try to defy as
customer security is concerned,
is that am not being paranoid enough.
Now, this doesn't mean I walk around with
a tin foil hat on or anything like that.
But just a general awareness that anything
that can be used to attack a system
will eventually be used to attack it.
But the cool thing is if you
know an attack can happen
you can take steps to prevent it.
Yeah you're worried about lots of things
but you can also be empowered and
confident that you're
taking steps against them.
On that note let's get started
by talking about risks.
You need to sign up for Treehouse in order to download course files.