The Developer’s Guide to Cryptography: Hash Functions and HMACs

So far, we've discussed the basics of encryption and symmetric encryption algorithms. Encryption is used to protect the confidentiality of data. Let's now take a small turn and look at protecting the integrity and authenticity of data. Encryption can protect data from being read while in transit. However, this does not prevent the data from …

Continue reading The Developer’s Guide to Cryptography: Hash Functions and HMACs

Advertisements

The Developer’s Guide to Encryption: Why ASP.NET Core 2 Gets It Right

Last time, we discussed what AES encryption looks like in Node.js. Now, to get a flavor of what other languages and frameworks do for AES encryption, we'll take a look at ASP.NET Core 2. I am excited with what ASP.NET Core and .NET Core in general do for C# and other Microsoft technologies. ASP.NET Core …

Continue reading The Developer’s Guide to Encryption: Why ASP.NET Core 2 Gets It Right

The Developer’s Guide to Encryption: AES in Node.js

The Advanced Encryption Standard, or AES, is the standard chosen by the U.S. government to protect messages with symmetric encryption. Understanding what AES does and how it works is important. So is understanding how to use is practically in a real program. We'll first take a look at the Node.js implementation of AES. For now, …

Continue reading The Developer’s Guide to Encryption: AES in Node.js

The Developer’s Guide to Encryption: Symmetric Encryption

So we already discussed the basics of cryptography. Now let’s take a look at the first family of major cryptographic algorithms, symmetric encryption algorithms. First, we’ll take a look at what the term “symmetric encryption” actually means. What is Symmetric Encryption? The term symmetric means “made up of exactly similar parts”. This hints at the …

Continue reading The Developer’s Guide to Encryption: Symmetric Encryption

The Developer’s Guide to Cryptography: The Basics

It is rare that a developer will finish his or her career without seeing, hearing about, or using cryptography. In today’s connected world, some form of cryptography is almost certainly a requirement for most applications. While you may need to use cryptography, how much do you actually understand it? If someone tells you that they …

Continue reading The Developer’s Guide to Cryptography: The Basics

Simple Programmer Contributor Post–Are DevOps and Security Compatible?

My latest contributor post for Simple Programmer is up! This month I discuss whether security and DevOps are at odds with each other. I describe The Three Ways of DevOps and how changing the way we think about application security will allow us to build even more secure software in the DevOps age. Check out …

Continue reading Simple Programmer Contributor Post–Are DevOps and Security Compatible?

Secure Your API in Node.js

The OWASP Top 10 2017 RC has two new entries that should be of great interest to any REST API developer. A4 – Broken Access Control A10 – Underprotected APIs Broken access control is a major problem. OWASP rates it as easily detectable, easily exploitable, and widespread across the Internet. Underprotected APIs refers to the …

Continue reading Secure Your API in Node.js