A comprehensive guide to backend security for engineers. Learn how attackers think and how to defend your applications.

We cover:
- SQL Injection & Command Injection
- Password Storage (Hashing, Salting, Argon2)
- Session Management & JWT Security
- Authentication & Authorization Vulnerabilities
- Cross-Site Scripting (XSS)
- Rate Limiting & Security Misconfiguration

Resources:
- PortSwigger Web Security Academy: https://portswigger.net/web-security
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OWASP Cheat Sheets: https://cheatsheetseries.owasp.org/

Timestamps:
0:00 Introduction to Security
4:36 Injection Attacks Overview
7:55 SQL Injection Deep Dive
29:27 Parameterized Queries (Prevention)
39:43 Command Injection
45:25 Authentication Security & Password Storage
1:07:17 Session Management & Cookie Security
1:24:02 JWT & Stateless Authentication
1:32:41 Rate Limiting Strategies
1:37:31 Authorization Vulnerabilities (BOLA/BFLA)
2:17:21 Cross-Site Scripting (XSS)
2:28:32 CSRF Overview
2:33:19 Security Misconfiguration
2:39:08 Security Mindset & Resources

Join the Discord community: https://discord.gg/NXuybNcvVH

#backend #nodejs #golang #softwareengineering

Nerd out about the history of technologies here: https://www.fascinatingtechhistory.xyz/