Spring Security from basic to advanced level.
- Security threats are increasing day by day
- All-day job - looking for loopholes
- Examples of the worst security incidents that caused financial losses
- OWASP
- Antiviruses
- Different levels/layers of security
- Authentication - Who are you? - Knowledge-based, possession-based, multi-factor - k+p
- Authorization - What are you allowed to do? Principal - created after login
- Session hijacking
- CSRF
- DoS attack
different characteristics
- What's this all about - Theory
- OAuth2 + Spring Security - Demo (authentication with Google/Facebook/GitHub)
- Custom Auth Server - client credentials and password grant
- Customize Auth Server to generate JWT token
- Custom Resource Server
- Token relay and making requests to the Resource Server using WebClient
- How the password is stored in the DB
- Different algorithms to secure passwords
Sample microservice handling all of this ->
- User creation with default password
- E-mail and account validation
- Remember-me
- Password change
- Forgot password
- Security questions
- User password reset
- Session management in Spring Security