Part 2: Cryptography foundations

Part 1 gave you the big picture of application security — who does what, where to focus your learning, and how all the pieces fit together. Now it’s time to zoom in on the foundation: the cryptographic algorithms themselves. These are the building blocks that make everything else in security possible.

Most developers encounter cryptography when a library throws a confusing error or when they’re told to “just add encryption.” The math can look intimidating, and the standards read like they’re written for rocket scientists. The goal of Part 2 is to cut through that complexity. You’ll learn just enough to understand the cryptographic foundations in practical terms.

We’ll start with the basics: how to guarantee integrity and authenticity with hashes and HMACs (chapter 4). Then we’ll move into encryption with AES (chapter 5), learning how to protect confidentiality without falling into common traps. From there, you’ll explore public key cryptography with RSA (chapter 6) and elliptic curves (chapter 7), seeing how they solve the key distribution problem and enable digital signatures.

Along the way, the Acme Inc. case study will keep us grounded in real-world scenarios, with Java examples that you can run and adapt. By the end of Part 2, you’ll not only understand the essential algorithms behind modern security protocols, but you’ll also have the confidence to configure and use them correctly in your own systems.