Part 2 Cryptography foundations
Part 1 gave you the big picture of application security: who does what, where to focus your learning, and how all the pieces fit together. Now it’s time to zoom in on the foundation: the cryptographic algorithms themselves. These algorithms are the building blocks that make everything else in security possible.
Most developers encounter cryptography when a library throws a confusing error or when they’re told to “just add encryption.” The math can look intimidating, and the standards read like they’re written for rocket scientists. The goal of part 2 is to cut through that complexity. You’ll learn just enough to understand the foundations of cryptography in practice.
We’ll start with the basics: ensuring integrity and authenticity with hashes and hash-based message authentication codes (HMACs, covered in chapter 4). Then we’ll move into encryption with the Advanced Encryption Standard (AES, covered in chapter 5), learning how to protect confidentiality without falling into common traps. From there, you’ll explore public-key cryptography with Rivest–Shamir–Adleman (RSA; chapter 6) and elliptic curves (chapter 7), seeing how they solve the key-distribution problem and enable digital signatures.