Security Is Putting Your Users First2:40 with Kenneth Love
Let's talk about what we mean by security in this course and what we'll cover.
[MUSIC] 0:00 Hi, I'm Kenneth, one of the biggest challenges we all have as developers, 0:04 is making sure that we keep our users secure. 0:08 Most users expect us as the people making the software they use every day, 0:11 to keep them secure in two specific ways, the data they send to us and 0:14 each other shouldn't be snooped on, and the data they store with us should be read only by us. 0:18 We also have one other area we definitely need to be concerned with, and 0:23 that's preventing attacks, or minimizing any damage done by those attacks. 0:26 How many of us have had their email address or password leaked from an attack? 0:31 I bet every single one of you nodded just then. 0:34 Security, as you may or 0:37 may not be aware, is a very rapidly shifting part of our world. 0:38 New forms of attacks spring up everyday. 0:42 Old best practices are found to be vulnerable due to advances in hardware And 0:44 other developers, and companies, find better ways to keep information safe. 0:47 Since this is such a rapidly evolving area, 0:51 I won't be giving you specific code to use. 0:53 Instead, I'll be sharing effective tools, approaches, and resources. 0:55 You can use these as a jumping off place for your own research and 0:58 implementations in your language or framework of choice. 1:01 Yeah, I know it sounds like I'm just giving you homework. 1:04 But wouldn't you rather do that research than implement something now and 1:06 ignore it for a year until it's compromised, and 1:09 you have to tell your customers that the passwords have been leaked. 1:10 Yeah, I'd rather do the googling too. 1:13 To save you some time, though, be sure to check the teacher's notes in each video, 1:15 where I'll be putting links to resources online and 1:18 here at Treehouse to help you on your way. 1:20 There are many different attack vectors that you may need to be worried about. 1:23 Especially when dealing with storing data and 1:26 enabling communications between your users. 1:28 The ones we're going to cover in this course are. 1:30 Hashing to keep secrets from everyone and to verify content. 1:32 Encryption to keep sensitive data locked away from unauthorized eyes. 1:36 Identifying and validating users. 1:39 What data you should not store and more. 1:41 This is a vast topic area. 1:45 Security and data security both. 1:46 So we can't hope to cover everything in just one course. 1:48 As we go through this course I'll point out places where other teachers or 1:51 myself will cover topics in greater detail. 1:54 Either because they're just too big and demand a course of their own or because 1:56 they're addressed in specific ways in each language framework Another thing we will 1:59 be talking about is risk assessment and management and reducing your tax services. 2:03 Knowing where you're likely to be attacked is a great first step to 2:07 making sure your data and communications are safe as possible. 2:10 One of the roles l try to defy as customer security is concerned, 2:14 is that am not being paranoid enough. 2:17 Now, this doesn't mean I walk around with a tin foil hat on or anything like that. 2:19 But just a general awareness that anything that can be used to attack a system 2:22 will eventually be used to attack it. 2:26 But the cool thing is if you know an attack can happen 2:27 you can take steps to prevent it. 2:30 Yeah you're worried about lots of things but you can also be empowered and 2:31 confident that you're taking steps against them. 2:34 On that note let's get started by talking about risks. 2:37
You need to sign up for Treehouse in order to download course files.Sign up