Preview
Video Player
00:00
00:00
Security Is Putting Your Users First
2:40Let's talk about what we mean by security in this course and what we'll cover.
[MUSIC]
0:00
Hi, I'm Kenneth, one of the biggest
challenges we all have as developers,
0:04
is making sure that we
keep our users secure.
0:08
Most users expect us as the people
making the software they use every day,
0:11
to keep them secure in two specific ways,
the data they send to us and
0:14
each other shouldn't be snooped on, and the data they
store with us should be read only by us.
0:18
We also have one other area we definitely
need to be concerned with, and
0:23
that's preventing attacks, or minimizing
any damage done by those attacks.
0:26
How many of us have had their email
address or password leaked from an attack?
0:31
I bet every single one
of you nodded just then.
0:34
Security, as you may or
0:37
may not be aware, is a very rapidly
shifting part of our world.
0:38
New forms of attacks spring up everyday.
0:42
Old best practices are found to be
vulnerable due to advances in hardware And
0:44
other developers, and companies,
find better ways to keep information safe.
0:47
Since this is such
a rapidly evolving area,
0:51
I won't be giving you
specific code to use.
0:53
Instead, I'll be sharing effective tools,
approaches, and resources.
0:55
You can use these as a jumping off
place for your own research and
0:58
implementations in your language or
framework of choice.
1:01
Yeah, I know it sounds like
I'm just giving you homework.
1:04
But wouldn't you rather do that research
than implement something now and
1:06
ignore it for
a year until it's compromised, and
1:09
you have to tell your customers that
the passwords have been leaked.
1:10
Yeah, I'd rather do the googling too.
1:13
To save you some time, though, be sure to
check the teacher's notes in each video,
1:15
where I'll be putting links
to resources online and
1:18
here at Treehouse to help you on your way.
1:20
There are many different attack vectors
that you may need to be worried about.
1:23
Especially when dealing
with storing data and
1:26
enabling communications
between your users.
1:28
The ones we're going to
cover in this course are.
1:30
Hashing to keep secrets from everyone and
to verify content.
1:32
Encryption to keep sensitive data
locked away from unauthorized eyes.
1:36
Identifying and validating users.
1:39
What data you should not store and more.
1:41
This is a vast topic area.
1:45
Security and data security both.
1:46
So we can't hope to cover
everything in just one course.
1:48
As we go through this course I'll point
out places where other teachers or
1:51
myself will cover topics
in greater detail.
1:54
Either because they're just too big and
demand a course of their own or because
1:56
they're addressed in specific ways in each
language framework Another thing we will
1:59
be talking about is risk assessment and
management and reducing your tax services.
2:03
Knowing where you're likely to be
attacked is a great first step to
2:07
making sure your data and
communications are safe as possible.
2:10
One of the roles l try to defy as
customer security is concerned,
2:14
is that am not being paranoid enough.
2:17
Now, this doesn't mean I walk around with
a tin foil hat on or anything like that.
2:19
But just a general awareness that anything
that can be used to attack a system
2:22
will eventually be used to attack it.
2:26
But the cool thing is if you
know an attack can happen
2:27
you can take steps to prevent it.
2:30
Yeah you're worried about lots of things
but you can also be empowered and
2:31
confident that you're
taking steps against them.
2:34
On that note let's get started
by talking about risks.
2:37