1 Security today
This chapter covers

  • What Spring Security is and what you can solve by using it
  • What security is for a software application
  • Why software security is essential and why you should care
  • Common vulnerabilities that you’ll encounter at the application level

More and more developers are becoming aware of security. Unfortunately, it is still not common practice to take responsibility for security from the very start of a software project. This attitude should change: everyone involved in developing a software system should learn to consider security from the beginning.

As developers, we generally start by learning that the purpose of an application is to solve business cases: data is processed, persisted, and eventually displayed to the user in the way the requirements specify. This view of software development, instilled from the first days of learning to program, has the unfortunate drawback of hiding other practices that are just as much a part of the process. An application can work correctly from the user's perspective and deliver all the expected functionality while many aspects of the final result, security among them, remain hidden.

1.1      Spring Security - the what and the why

1.2      What is software security?

1.3      Why is security important?

1.4      Common security vulnerabilities in web applications

1.4.1   Vulnerabilities in authentication and authorization

1.4.2   What is session fixation?

1.4.3   What is cross-site scripting (XSS)?

1.4.4   What is cross-site request forgery (CSRF)?

1.4.5   Understanding injection vulnerabilities in web applications

1.4.6   Dealing with the exposure of sensitive data

1.4.7   What is the lack of method access control?

1.4.8   Using dependencies with known vulnerabilities

1.5      Security applied in various architectures

1.5.1   Designing a one-piece web application

1.5.2   Designing security for a backend/frontend separation

1.5.3   Understanding the OAuth2 flow

1.5.4   Using API keys, cryptographic signatures, and IP validation to secure requests

1.6      What will you learn in this book?

1.7      Summary